Debian Long Term Support / LTS Security Information / 2023 / Security Information -- DLA-3349-1 linux-5.10

Debian Security Advisory

DLA-3349-1 linux-5.10 -- LTS security update

Date Reported:

02 Mar 2023

Affected Packages:

linux-5.10

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 825141, Bug 1008501, Bug 1027430, Bug 1027483.
In Mitre's CVE dictionary: CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0240, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455, CVE-2023-23586.

More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

• CVE-2022-2873

  Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service (system crash).

• CVE-2022-3545

  It was discovered that the Netronome Flow Processor (NFP) driver contained a use-after-free flaw in area_cache_get(), which may result in denial of service or the execution of arbitrary code.

• CVE-2022-3623

  A race condition when looking up a CONT-PTE/PMD size hugetlb page may result in denial of service or an information leak.

• CVE-2022-4696

  A use-after-free vulnerability was discovered in the io_uring subsystem.

• CVE-2022-36280

  An out-of-bounds memory write vulnerability was discovered in the vmwgfx driver, which may allow a local unprivileged user to cause a denial of service (system crash).

• CVE-2022-41218

  Hyunwoo Kim reported a use-after-free flaw in the Media DVB core subsystem caused by refcount races, which may allow a local user to cause a denial of service or escalate privileges.

• CVE-2022-45934

  An integer overflow in l2cap_config_req() in the Bluetooth subsystem was discovered, which may allow a physically proximate attacker to cause a denial of service (system crash).

• CVE-2022-47929

  Frederick Lawler reported a NULL pointer dereference in the traffic control subsystem allowing an unprivileged user to cause a denial of service by setting up a specially crafted traffic control configuration.

• CVE-2023-0179

  Davide Ornaghi discovered incorrect arithmetics when fetching VLAN header bits in the netfilter subsystem, allowing a local user to leak stack and heap addresses or potentially local privilege escalation to root.

• CVE-2023-0240

  A flaw was discovered in the io_uring subsystem that could lead to a use-after-free. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

• CVE-2023-0266

  A use-after-free flaw in the sound subsystem due to missing locking may result in denial of service or privilege escalation.

• CVE-2023-0394

  Kyle Zeng discovered a NULL pointer dereference flaw in rawv6_push_pending_frames() in the network subsystem allowing a local user to cause a denial of service (system crash).

• CVE-2023-23454

  Kyle Zeng reported that the Class Based Queueing (CBQ) network scheduler was prone to denial of service due to interpreting classification results before checking the classification return code.

• CVE-2023-23455

  Kyle Zeng reported that the ATM Virtual Circuits (ATM) network scheduler was prone to a denial of service due to interpreting classification results before checking the classification return code.

• CVE-2023-23586

  A flaw was discovered in the io_uring subsystem that could lead to an information leak. A local user could exploit this to obtain sensitive information from the kernel or other users.

For Debian 10 buster, these problems have been fixed in version 5.10.162-1~deb10u1.

This update also fixes Debian bugs #825141, #1008501, #1027430, and 5.10.159-5.10.162 inclusive.

We recommend that you upgrade your linux-5.10 packages.

For the detailed security status of linux-5.10 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux-5.10

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--pgIrMxmM/8co4Tq2 Content-Type: application/pgp-signature; name="signature.asc"