Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2014 linux security update 3 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux kernel Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-29582 CVE-2022-28390 CVE-2022-28389 CVE-2022-28388 CVE-2022-28356 CVE-2022-27666 CVE-2022-26490 CVE-2022-1516 CVE-2022-1353 CVE-2022-1205 CVE-2022-1204 CVE-2022-1199 CVE-2022-1198 CVE-2022-1195 CVE-2022-1158 CVE-2022-1048 CVE-2022-1016 CVE-2022-0168 CVE-2021-4197 Original Bulletin: http://www.debian.org/security/2022/dsa-5127 Comment: CVSS (Max): 7.8 CVE-2022-28390 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: [NVD], Red Hat, SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-5127-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 02, 2022 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escalate privileges. CVE-2022-0168 A NULL pointer dereference flaw was found in the CIFS client implementation which can allow a local attacker with CAP_SYS_ADMIN privileges to crash the system. The security impact is negligible as CAP_SYS_ADMIN inherently gives the ability to deny service. CVE-2022-1016 David Bouman discovered a flaw in the netfilter subsystem where the nft_do_chain function did not initialize register data that nf_tables expressions can read from and write to. A local attacker can take advantage of this to read sensitive information. CVE-2022-1048 Hu Jiahui discovered a race condition in the sound subsystem that can result in a use-after-free. A local user permitted to access a PCM sound device can take advantage of this flaw to crash the system or potentially for privilege escalation. CVE-2022-1158 Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered a bug in the KVM implementation for x86 processors. A local user with access to /dev/kvm could cause the MMU emulator to update page table entry flags at the wrong address. They could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2022-1195 Lin Ma discovered race conditions in the 6pack and mkiss hamradio drivers, which could lead to a use-after-free. A local user could exploit these to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2022-1198 Duoming Zhou discovered a race condition in the 6pack hamradio driver, which could lead to a use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2022-1199, CVE-2022-1204, CVE-2022-1205 Duoming Zhou discovered race conditions in the AX.25 hamradio protocol, which could lead to a use-after-free or null pointer dereference. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2022-1353 The TCS Robot tool found an information leak in the PF_KEY subsystem. A local user can receive a netlink message when an IPsec daemon reegisters with the kernel, and this could include sensitive information. CVE-2022-1516 A NULL pointer dereference flaw in the implementation of the X.25 set of standardized network protocols, which can result in denial of service. This driver is not enabled in Debian's official kernel configurations. CVE-2022-26490 Buffer overflows in the STMicroelectronics ST21NFCA core driver can result in denial of service or privilege escalation. This driver is not enabled in Debian's official kernel configurations. CVE-2022-27666 "valis" reported a possible buffer overflow in the IPsec ESP transformation code. A local user can take advantage of this flaw to cause a denial of service or for privilege escalation. CVE-2022-28356 Beraphin discovered that the ANSI/IEEE 802.2 LLC type 2 driver did not properly perform reference counting on some error paths. A local attacker can take advantage of this flaw to cause a denial of service. CVE-2022-28388 A double free vulnerability was discovered in the 8 devices USB2CAN interface driver. CVE-2022-28389 A double free vulnerability was discovered in the Microchip CAN BUS Analyzer interface driver. CVE-2022-28390 A double free vulnerability was discovered in the EMS CPC-USB/ARM7 CAN/USB interface driver. CVE-2022-29582 Jayden Rivers and David Bouman discovered a user-after-free vulnerability in the io_uring subystem due to a race condition in io_uring timeouts. A local unprivileged user can take advantage of this flaw for privilege escalation. For the stable distribution (bullseye), these problems have been fixed in version 5.10.113-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJwRg9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S8bw//bsMGzd7yC5QHR9/G3Vxn10HSYSy9vkPdOrg9nt58xCygMTvj9G4Ur7P5 SqPulxdczzDQgAEl/UVzmCifFMAbfi77w+0feha6zbrjz4yD8vtmk1caVmvbqOxE MsS7GKyFdRxvqWoCG1boIZZ5aKFCgXug4cY1nARJo4tadF3W3lZw9LP9+kdDJ0Z8 4zfzd1fa0tn6Bk9lqVvaks3zVxLA2Iev0yaLGpWPbsrqiSEnB/e1tWAQX7CVRUNT kY48YpAsGraOyjTMkmLyeXNYHwdNYfKR27DK/4CpXeVzqADlMqKtFOp0lvQhF54t KcBvJjvQsJ5ua7qjoJS97SLlMp7aZ3DvBnz28hn3vDp5iqFDTdLSmuPqJGy5JAOD JdijjSFCB2tTjDLBha+1mGAB2kJG8Kj0rcEiQTyFARejOoCIQg9R3EWfp5HI8DCn e4fGZdRATm6Qe9ofBlVmKmVpV36NaiZuy3UA8lhKTlJsjIhwnFB/WknG93/G64HK wMSkbbXDPoYgH06emh0RIXzddfHHO+mZBgUysHBX5pE0KdDazPleFGn5yOdlX8k5 5OT35Cga+hRVT9KNQfz4Me0AEt0kEwyMIUM6R49KvB8eQ9Az1OjO0yWONz4F5mDW 0HoSJCW+9gZzljIebL+odSyT/dvUZpP/xVzE8DRukDyn99GY6y4= =vCuc - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYnCUmONLKJtyKPYoAQjnZA//as2reiQ1RjXlcOe+aVbEKB+KM1JOIbIg 2WjLBlx7ZEGMh7sqVVJNPls/GAGZ9jIUDxJm6bYIlrInJq0CN3VjdUAnSngnvuUG l7EOYvjZA0c761SXkknFtjXU1yVWPofU0SzPHXKX44OEkNwuV7eb6YWsgKwnz4gH ABYLbdUxGPdRwsYXY6K59Y/6Dd9lkp2tGlO569wimgo1cPzUjW9IdvHy4bpu5OEu 002IFIZ8iAIektwPUZmUN0RgXacOePLZQwyD7CYX0KkrScGWLFzpqd2LMnlA99VL PQmkNVNFR8MZJ+swG2Uxm4sjQtBK3h4txnLAd1jYMKgKp7PYA+0SgLIyeZCzK1fi 5gIcsYTmPICehkQgDw5Rz8wVK9Ew1mK32nC4EyGnAWdZJM8cm6ixObHi8R5Kf+aH +TTPK4VjD0pOtWPmesjDuMocFwx3BUofauyeGfKqqiy1yR5AjnuexG4E9rrnqoDh XPnhpfBhht6ECLhW1l1mBvc4jDlwXOUsd7yqxCVOtybafd/WBYvhpppu706IqZOM M0XbuTIrHM1eHscI97eeixpBFJYw25meLPXzK6kYYUzzRSdb6CiGDblDxmIdAWNL jppHpcSl5zBJANWjY5UDVGM9s2caqnDVxrnYDZJ6Lfnp89B4N99T9MXEGmn2fuG7 NAzHGwSPb4s= =OnTS -----END PGP SIGNATURE-----