===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0003
                           linux security update
                              2 January 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-43750 CVE-2022-42896 CVE-2022-42895
                   CVE-2022-42329 CVE-2022-42328 CVE-2022-41850
                   CVE-2022-41849 CVE-2022-40768 CVE-2022-29901
                   CVE-2022-20369 CVE-2022-4378 CVE-2022-4232
                   CVE-2022-3649 CVE-2022-3646 CVE-2022-3643
                   CVE-2022-3640 CVE-2022-3628 CVE-2022-3621
                   CVE-2022-3594 CVE-2022-3565 CVE-2022-3564
                   CVE-2022-3524 CVE-2022-3521 CVE-2022-2978

Original Bulletin: 
   https://www.debian.org/lts/security/2022/dla-3245

Comment: CVSS (Max):  10.0 CVE-2022-3643 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: [NVD], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3245-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
December 21, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : linux
Version        : 4.19.269-1
CVE ID         : CVE-2022-2978 CVE-2022-3521 CVE-2022-3524 CVE-2022-3564
                 CVE-2022-3565 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628
                 CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649
                 CVE-2022-4378 CVE-2022-20369 CVE-2022-29901 CVE-2022-40768
                 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329
                 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-2978

    "butt3rflyh4ck", Hao Sun, and Jiacheng Xu reported a flaw in the
    nilfs2 filesystem driver which can lead to a use-after-free.  A
    local user might be able to exploit this to cause a denial of
    service (crash or memory corruption) or possibly for privilege
    escalation.

CVE-2022-3521

    The syzbot tool found a race condition in the KCM subsystem
    which could lead to a crash.

    This subsystem is not enabled in Debian's official kernel
    configurations.

CVE-2022-3524

    The syzbot tool found a race condition in the IPv6 stack which
    could lead to a memory leak.  A local user could exploit this to
    cause a denial of service (memory exhaustion).

CVE-2022-3564

    A flaw was discovered in the Bluetooth L2CAP subsystem which
    would lead to a use-after-free.  This might be exploitable
    to cause a denial of service (crash or memory corruption) or
    possibly for privilege escalation.

CVE-2022-3565

    A flaw was discovered in the mISDN driver which would lead to a
    use-after-free.  This might be exploitable to cause a denial of
    service (crash or memory corruption) or possibly for privilege
    escalation.

CVE-2022-3594

    Andrew Gaul reported that the r8152 Ethernet driver would log
    excessive numbers of messages in response to network errors.  A
    remote attacker could possibly exploit this to cause a denial of
    service (resource exhaustion).

CVE-2022-3621, CVE-2022-3646

    The syzbot tool found flaws in the nilfs2 filesystem driver which
    can lead to a null pointer dereference or memory leak.  A user
    permitted to mount arbitrary filesystem images could use these to
    cause a denial of service (crash or resource exhaustion).

CVE-2022-3628

    Dokyung Song, Jisoo Jang, and Minsuk Kang reported a potential
    heap-based buffer overflow in the brcmfmac Wi-Fi driver.  A user
    able to connect a malicious USB device could exploit this to cause
    a denial of service (crash or memory corruption) or possibly for
    privilege escalation.

CVE-2022-3640

    A flaw was discovered in the Bluetooth L2CAP subsystem which
    would lead to a use-after-free.  This might be exploitable
    to cause a denial of service (crash or memory corruption) or
    possibly for privilege escalation.

CVE-2022-3643 (XSA-423)

    A flaw was discovered in the Xen network backend driver that would
    result in it generating malformed packet buffers.  If these
    packets were forwarded to certain other network devices, a Xen
    guest could exploit this to cause a denial of service (crash or
    device reset).

CVE-2022-3649

    The syzbot tool found flaws in the nilfs2 filesystem driver which
    can lead to a use-after-free.  A user permitted to mount arbitrary
    filesystem images could use these to cause a denial of service
    (crash or memory corruption) or possibly for privilege escalation.

CVE-2022-4378

    Kyle Zeng found a flaw in procfs that would cause a stack-based
    buffer overflow.  A local user permitted to write to a sysctl
    could use this to cause a denial of service (crash or memory
    corruption) or possibly for privilege escalation.

CVE-2022-20369

    A flaw was found in the v4l2-mem2mem media driver that would lead
    to an out-of-bounds write.  A local user with access to such a
    device could exploit this for privilege escalation.

CVE-2022-29901

    Johannes Wikner and Kaveh Razavi reported that for Intel
    processors (Intel Core generation 6, 7 and 8), protections against
    speculative branch target injection attacks were insufficient in
    some circumstances, which may allow arbitrary speculative code
    execution under certain microarchitecture-dependent conditions.

    More information can be found at
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html

CVE-2022-40768

    "hdthky" reported that the stex SCSI adapter driver did not fully
    initialise a structure that is copied to user-space.  A local user
    with access to such a device could exploit this to leak sensitive
    information.

CVE-2022-41849

    A race condition was discovered in the smscufx graphics driver,
    which could lead to a use-after-free.  A user able to remove the
    physical device while also accessing its device node could exploit
    this to cause a denial of service (crash or memory corruption) or
    possibly for privilege escalation.

CVE-2022-41850

    A race condition was discovered in the hid-roccat input driver,
    which could lead to a use-after-free.  A local user able to access
    such a device could exploit this to cause a denial of service
    (crash or memory corruption) or possibly for privilege escalation.

CVE-2022-42328, CVE-2022-42329 (XSA-424)

    Yang Yingliang reported that the Xen network backend driver did
    not use the proper function to free packet buffers in one case,
    which could lead to a deadlock.  A Xen guest could exploit this to
    cause a denial of service (hang).

CVE-2022-42895

    Tamás Koczka reported a flaw in the Bluetooth L2CAP subsystem
    that would result in reading uninitialised memory.  A nearby
    attacker able to make a Bluetooth connection could exploit
    this to leak sensitive information.

CVE-2022-42896

    Tamás Koczka reported flaws in the Bluetooth L2CAP subsystem that
    can lead to a use-after-free.  A nearby attacker able to make a
    Bluetooth SMP connection could exploit this to cause a denial of
    service (crash or memory corruption) or possibly for remote code
    execution.

CVE-2022-43750

    The syzbot tool found that the USB monitor (usbmon) driver allowed
    user-space programs to overwrite the driver's data structures.  A
    local user permitted to access a USB monitor device could exploit
    this to cause a denial of service (memory corruption or crash) or
    possibly for privilege escalation.  However, by default only the
    root user can access such devices.

For Debian 10 buster, these problems have been fixed in version
4.19.269-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================