Debian Security Advisory
DLA-3508-1 linux -- LTS security update
- Date Reported:
- 27 Jul 2023
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2269, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3268, CVE-2023-3338, CVE-2023-20593, CVE-2023-31084, CVE-2023-32233, CVE-2023-34256, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828.
- More information:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver. On systems using this driver, a local user could exploit this to read sensitive information or to cause a denial of service (crash).
Ruiahn Li reported an incorrect permissions check in the Bluetooth subsystem. A local user could exploit this to reconfigure local Bluetooth interfaces, resulting in information leaks, spoofing, or denial of service (loss of connection).
Lucas Leong (@_wmliang_) and Reno Robert of Trend Micro Zero Day Initiative discovered a time-of-check-to-time-of-use flaw in the dpt_i2o SCSI controller driver. A local user with access to a SCSI device using this driver could exploit this for privilege escalation.
This flaw has been mitigated by removing support for the I2OUSRCMD operation.
Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service.
It was discovered that missing initialization in ipvlan networking may lead to an out-of-bounds write vulnerability, resulting in denial of service or potentially the execution of arbitrary code.
The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. It's unclear whether an unprivileged user can exploit this.
A flaw was discovered in the r592 memstick driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
It was discovered that an out-of-bounds memory access in relayfs could result in denial of service or an information leak.
Ornaghi Davide discovered a flaw in the DECnet protocol implementation which could lead to a null pointer dereference or use-after-free. A local user can exploit this to cause a denial of service (crash or memory corruption) and probably for privilege escalation.
This flaw has been mitigated by removing the DECnet protocol implementation.
Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD
Zen 2CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.
For details please refer to https://lock.cmpxchg8b.com/zenbleed.html and https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8.
This issue can also be mitigated by a microcode update through the amd64-microcode package or a system firmware (BIOS/UEFI) update. However, the initial microcode release by AMD only provides updates for second generation EPYC CPUs. Various Ryzen CPUs are also affected, but no updates are available yet.
It was discovered that the DVB Core driver does not properly handle locking of certain events, allowing a local user to cause a denial of service.
Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in the Netfilter nf_tables implementation when processing batch requests, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.
The syzbot tool found a time-of-check-to-time-of-use flaw in the ext4 filesystem driver. An attacker able to mount a disk image or device that they can also write to directly could exploit this to cause an out-of-bounds read, possibly resulting in a leak of sensitive information or denial of service (crash).
Hangyu Hua discovered an out-of-bounds write vulnerability in the Flower classifier which may result in denial of service or the execution of arbitrary code.
A flaw was discovered in the saa7134 media driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
A flaw was discovered in the dm1105 media driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
A flaw was discovered in the renesas_udc USB device-mode driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
This driver is not enabled in Debian's official kernel configurations.
For Debian 10 buster, these problems have been fixed in version 4.19.289-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS