Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4912 linux security update 4 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux kernel Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-40307 CVE-2022-39842 CVE-2022-39188 CVE-2022-36946 CVE-2022-36879 CVE-2022-33744 CVE-2022-33742 CVE-2022-33741 CVE-2022-33740 CVE-2022-26373 CVE-2022-26365 CVE-2022-3028 CVE-2022-2663 CVE-2022-2588 CVE-2022-2586 CVE-2022-2318 CVE-2022-2153 CVE-2022-1679 CVE-2022-1462 CVE-2021-33656 CVE-2021-33655 CVE-2021-4159 Original Bulletin: https://www.debian.org/lts/security/2022/dla-3131 Comment: CVSS (Max): 7.8* CVE-2022-2588 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD, [Red Hat], SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3131-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Ben Hutchings October 01, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : linux Version : 4.19.260-1 CVE ID : CVE-2021-4159 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-1679 CVE-2022-2153 CVE-2022-2318 CVE-2022-2586 CVE-2022-2588 CVE-2022-2663 CVE-2022-3028 CVE-2022-26365 CVE-2022-26373 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307 Debian Bug : 1018752 Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2021-4159 A flaw was found in the eBPF verifier which could lead to an out-of-bounds read. If unprivileged use of eBPF is enabled, this could leak sensitive information. This was already disabled by default, which would fully mitigate the vulnerability. CVE-2021-33655 A user with access to a framebuffer console device could cause a memory out-of-bounds write via the FBIOPUT_VSCREENINFO ioctl. CVE-2021-33656 A user with access to a framebuffer console device could cause a memory out-of-bounds write via some font setting ioctls. These obsolete ioctls have been removed. CVE-2022-1462 Yi Zhi Gou reported a race condition in the pty (pseudo-terminal) subsystem that can lead to a slab out-of-bounds write. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2022-1679 The syzbot tool found a race condition in the ath9k_htc driver which can lead to a use-after-free. This might be exploitable to cause a denial service (crash or memory corruption) or possibly for privilege escalation. CVE-2022-2153 "kangel" reported a flaw in the KVM implementation for x86 processors which could lead to a null pointer dereference. A local user permitted to access /dev/kvm could exploit this to cause a denial of service (crash). CVE-2022-2318 A use-after-free in the Amateur Radio X.25 PLP (Rose) support may result in denial of service. CVE-2022-2586 A use-after-free in the Netfilter subsystem may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace. CVE-2022-2588 Zhenpeng Lin discovered a use-after-free flaw in the cls_route filter implementation which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace. CVE-2022-2663 David Leadbeater reported flaws in the nf_conntrack_irc connection-tracking protocol module. When this module is enabled on a firewall, an external user on the same IRC network as an internal user could exploit its lax parsing to open arbitrary TCP ports in the firewall, to reveal their public IP address, or to block their IRC connection at the firewall. CVE-2022-3028 Abhishek Shah reported a race condition in the AF_KEY subsystem, which could lead to an out-of-bounds write or read. A local user could exploit this to cause a denial of service (crash or memory corruption), to obtain sensitive information, or possibly for privilege escalation. CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742 Roger Pau Monne discovered that Xen block and network PV device frontends don't zero out memory regions before sharing them with the backend, which may result in information disclosure. Additionally it was discovered that the granularity of the grant table doesn't permit sharing less than a 4k page, which may also result in information disclosure. CVE-2022-26373 It was discovered that on certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities there are exceptions to the documented properties in some situations, which may result in information disclosure. Intel's explanation of the issue can be found at https://www.intel.com/content/www/us/en/developer/articles/technical/ software-security-guidance/advisory-guidance/post-barrier-return-stack- buffer-predictions.html CVE-2022-33744 Oleksandr Tyshchenko discovered that ARM Xen guests can cause a denial of service to the Dom0 via paravirtual devices. CVE-2022-36879 A flaw was discovered in xfrm_expand_policies in the xfrm subsystem which can cause a reference count to be dropped twice. CVE-2022-36946 Domingo Dirutigliano and Nicola Guerrera reported a memory corruption flaw in the Netfilter subsystem which may result in denial of service. CVE-2022-39188 Jann Horn reported a race condition in the kernel's handling of unmapping of certain memory ranges. When a driver created a memory mapping with the VM_PFNMAP flag, which many GPU drivers do, the memory mapping could be removed and freed before it was flushed from the CPU TLBs. This could result in a page use-after- free. A local user with access to such a device could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2022-39842 An integer overflow was discovered in the pxa3xx-gcu video driver which could lead to a heap out-of-bounds write. This driver is not enabled in Debian's official kernel configurations. CVE-2022-40307 A race condition was discovered in the EFI capsule-loader driver, which could lead to use-after-free. A local user permitted to access this device (/dev/efi_capsule_loader) could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. However, this device is normally only accessible by the root user. For Debian 10 buster, these problems have been fixed in version 4.19.260-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmM5v/wACgkQ57/I7JWG EQnRkw//S+iIt00JMQDnmYmtikHRtX3m9GZFZcklBwMs/7gZQsWfQYbB1xXpf0o8 4LOBvmwzF8cjz2q0Y56JtRV+Vi9NVVs3Xd4QZMJUOYHJFivbNzh4FpDRCtTb+ozZ ct2XHjdlfwI/KPzFgemT4bpY/N5TPwWftenqnGNjPFykrUfR385ngEp2CHCRzMTy A2baIpMA5u/kRARSej4PzvC/WR47/ul0eXj44PRR2Rl1IwWrH8SzuGav8v4EuzXn w9fFrV/HMrYhzLMFkYZMBltGOP/MJ8XIFP9ztzpT2tETUPJ4Oj8gqjNFPW8lUwDc /Hy+OiMIikk17WfkT3ULHfqmwSCQhjWBvXnuW+2zOig/IT3rRf4hFS9zsh5mY9hR 5B7ncinHU2e2QLEVmY25jLsIQlhzQD6DSSiA7RcP/1VHhuhWt883SolJ6MwyxOZ5 OL9fxxtsXra+rCYbdYCSn4QUrt+HEBU1rHZOUb/Ks89cn67WGW9+J04UPvwYugXj bKYqhNkm9KmFgWnp+S3v2n0ExasKrH1Q4e0Pbjo8PqG7J1u3bfsUn2ULiYTlA6QD 0TQ9Y2bZIVSFNWRdfO2rIFKTsxexuKBqKOlm53AgtG26igP6Oqocj9+bEqAdOIA5 a+3uFP72msu6zmf2F5sizXr8naHEehtNAo6gZjqzF1eiCFMndPU= =/gD5 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYzul+ckNZI30y1K9AQhnDg//UyunB7OEnIaQqayCPReFb7TjIq+BxYv/ /VWc+h+6P3RQUGP4uHf/634ME5W6M0lz8sJeUYmj+ilNsR75S2hJzZzT/El52RRF JynPPu5ArEJ6T0jOFblph4lUJe7V1lS/9xvu08zo097wFTDH/33ye6RxJcg51jjh 74FiuBvS0R2pTjl1rl3dqDWoTb2f7+oWlcnHGcQXr6t8VqdzirhY8j1vmDr1Z/qS UBsAgwrEfF4KMGheWsW3y+JyJXrV9dMIC4lS04KPlsz6OIPUrCInh+bItmbCuHub s2elGyvvY+SZAPMHqq6bilzRpqAASoYzeC52yO2WKRDro2M3rQcLqa9ggGB4LYKo kHfSeegZOuQgF3vnFEDInGE1eBRd/ae2D0Pb2sPbm7bkNJgSi/1NfrkN3Pis79/Q KsAtoxxyt9Q7rp+2t4i49L1J4JcBl3PIsoujITwGch+PVpMSq5d+mJqLjtcqBbFA ajETey1/gV9o0rYnP8e5qPPQ5gn4+DqLS4fsL7oCk2lqUytoNP4Ts5YKuZseo9Zn OznBULn9No7xyCgx8Z13rKcadq53Gie+BXnhl3XUYWSNaqlhScOe3U99+qoGa6kd OtRe414ySQQmSglORBz6uoP2OzMiv8BRL/hrJBXjgkzi5AMEq1pLUY8dgrEy9DOx Z6jPmtP/LGs= =FmPg -----END PGP SIGNATURE-----