Lucene search

DebianDEBIAN:DSA-5161-1:2800F

HistoryJun 11, 2022 - 9:15 a.m.

[SECURITY] [DSA 5161-1] linux security update

2022-06-1109:15:06

lists.debian.org

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.3%

JSON

Debian Security Advisory DSA-5161-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
June 11, 2022 https://www.debian.org/security/faq

Package : linux
CVE ID : CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729
CVE-2022-1786 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966
CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-21499
CVE-2022-28893

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-0494

The scsi_ioctl() was susceptible to an information leak only
exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO
capabilities.

CVE-2022-0854

Ali Haider discovered a potential information leak in the DMA
subsystem. On systems where the swiotlb feature is needed, this
might allow a local user to read sensitive information.

CVE-2022-1012

The randomisation when calculating port offsets in the IP
implementation was enhanced.

CVE-2022-1729

Norbert Slusarek discovered a race condition in the perf subsystem
which could result in local privilege escalation to root. The
default settings in Debian prevent exploitation unless more
permissive settings have been applied in the
kernel.perf_event_paranoid sysctl.

CVE-2022-1786

Kyle Zeng discovered a use-after-free in the io_uring subsystem
which way result in local privilege escalation to root.

CVE-2022-1789 / CVE-2022-1852

Yongkang Jia, Gaoning Pan and Qiuhao Li discovered two NULL pointer
dereferences in KVM&#x27;s CPU instruction handling, resulting in denial
of service.

CVE-2022-1966

Aaron Adams discovered a use-after-free in Netfilter which may
result in local privilege escalation to root.

CVE-2022-1972

Ziming Zhang discovered an out-of-bound write in Netfilter which may
result in local privilege escalation to root.

CVE-2022-1974 / CVE-2022-1975

Duoming Zhou discovered that the NFC netlink interface was
suspectible to denial of service.

CVE-2022-21499

It was discovered that the kernel debugger could be used to bypass
UEFI Secure Boot restrictions.

CVE-2022-28893

Felix Fu discovered a use-after-free in the implementation of the
Remote Procedure Call (SunRPC) protocol, which could in denial of
service or an information leak.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.120-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11mips64ellinux-perf-5.10< 5.10.120-1linux-perf-5.10_5.10.120-1_mips64el.deb
Debian10mipselkernel-image-4.19.0-21-loongson-3-di< 4.19.249-2kernel-image-4.19.0-21-loongson-3-di_4.19.249-2_mipsel.deb
Debian10ppc64elusb-serial-modules-4.19.0-21-powerpc64le-di< 4.19.249-2usb-serial-modules-4.19.0-21-powerpc64le-di_4.19.249-2_ppc64el.deb
Debian10arm64linux-headers-4.19.0-21-arm64< 4.19.249-2linux-headers-4.19.0-21-arm64_4.19.249-2_arm64.deb
Debian11i386libcpupower-dev< 5.10.120-1libcpupower-dev_5.10.120-1_i386.deb
Debian9armhflibusbip-dev< 2.0+4.9.320-2libusbip-dev_2.0+4.9.320-2_armhf.deb
Debian10mips64elmultipath-modules-4.19.0-21-octeon-di< 4.19.249-2multipath-modules-4.19.0-21-octeon-di_4.19.249-2_mips64el.deb
Debian11armhfkernel-image-5.10.0-15-armmp-di< 5.10.120-1kernel-image-5.10.0-15-armmp-di_5.10.120-1_armhf.deb
Debian10ppc64elusb-modules-4.19.0-21-powerpc64le-di< 4.19.249-2usb-modules-4.19.0-21-powerpc64le-di_4.19.249-2_ppc64el.deb
Debian11ppc64ellibcpupower1< 5.10.120-1libcpupower1_5.10.120-1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	mips64el	linux-perf-5.10	< 5.10.120-1	linux-perf-5.10_5.10.120-1_mips64el.deb
Debian	10	mipsel	kernel-image-4.19.0-21-loongson-3-di	< 4.19.249-2	kernel-image-4.19.0-21-loongson-3-di_4.19.249-2_mipsel.deb
Debian	10	ppc64el	usb-serial-modules-4.19.0-21-powerpc64le-di	< 4.19.249-2	usb-serial-modules-4.19.0-21-powerpc64le-di_4.19.249-2_ppc64el.deb
Debian	10	arm64	linux-headers-4.19.0-21-arm64	< 4.19.249-2	linux-headers-4.19.0-21-arm64_4.19.249-2_arm64.deb
Debian	11	i386	libcpupower-dev	< 5.10.120-1	libcpupower-dev_5.10.120-1_i386.deb
Debian	9	armhf	libusbip-dev	< 2.0+4.9.320-2	libusbip-dev_2.0+4.9.320-2_armhf.deb
Debian	10	mips64el	multipath-modules-4.19.0-21-octeon-di	< 4.19.249-2	multipath-modules-4.19.0-21-octeon-di_4.19.249-2_mips64el.deb
Debian	11	armhf	kernel-image-5.10.0-15-armmp-di	< 5.10.120-1	kernel-image-5.10.0-15-armmp-di_5.10.120-1_armhf.deb
Debian	10	ppc64el	usb-modules-4.19.0-21-powerpc64le-di	< 4.19.249-2	usb-modules-4.19.0-21-powerpc64le-di_4.19.249-2_ppc64el.deb
Debian	11	ppc64el	libcpupower1	< 5.10.120-1	libcpupower1_5.10.120-1_ppc64el.deb