Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5191-1:574E3
HistoryJul 26, 2022 - 8:07 p.m.

[SECURITY] [DSA 5191-1] linux security update

2022-07-2620:07:34
lists.debian.org
46

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

26.5%

JSON

Debian Security Advisory DSA-5191-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 26, 2022 https://www.debian.org/security/faq

Package : linux
CVE ID : CVE-2021-33655 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740
CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744
CVE-2022-34918

Several vulnerabilities have been discovered in the Linux kernel that may
lead to privilege escalation, denial of service or information leaks:

CVE-2021-33655

A user with access to a framebuffer console driver could cause a
memory out-of-bounds write via the FBIOPUT_VSCREENINFO ioctl.

CVE-2022-2318

A use-after-free in the Amateur Radio X.25 PLP (Rose) support may
result in denial of service.

CVE-2022-26365 / CVE-2022-33740 / CVE-2022-33741 / CVE-2022-33742

Roger Pau Monne discovered that Xen block and network PV device
frontends don't zero out memory regions before sharing them with the
backend, which may result in information disclosure. Additionally it
was discovered that the granularity of the grant table doesn't permit
sharing less than a 4k page, which may also result in information
disclosure.

CVE-2022-33743

Jan Beulich discovered that incorrect memory handling in the Xen
network backend may lead to denial of service.

CVE-2022-33744

Oleksandr Tyshchenko discovered that ARM Xen guests can cause a denial
of service to the Dom0 via paravirtual devices.

CVE-2022-34918

Arthur Mongodin discovered a heap buffer overflow in the Netfilter
subsystem which may result in local privilege escalation.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.127-2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11amd64libcpupower1-dbgsym< 5.10.127-2libcpupower1-dbgsym_5.10.127-2_amd64.deb
Debian10amd64linux-image-amd64-signed-template< 4.19.260-1linux-image-amd64-signed-template_4.19.260-1_amd64.deb
Debian11armhflinux-perf-5.10< 5.10.127-2linux-perf-5.10_5.10.127-2_armhf.deb
Debian11armellibcpupower-dev< 5.10.127-2libcpupower-dev_5.10.127-2_armel.deb
Debian11amd64linux-image-5.10.0-16-cloud-amd64-dbg< 5.10.127-2linux-image-5.10.0-16-cloud-amd64-dbg_5.10.127-2_amd64.deb
Debian11mipselusb-modules-5.10.0-16-4kc-malta-di< 5.10.127-2usb-modules-5.10.0-16-4kc-malta-di_5.10.127-2_mipsel.deb
Debian11armhflinux-headers-5.10.0-16-armmp-lpae< 5.10.127-2linux-headers-5.10.0-16-armmp-lpae_5.10.127-2_armhf.deb
Debian11arm64libcpupower-dev< 5.10.127-2libcpupower-dev_5.10.127-2_arm64.deb
Debian11mips64elspeakup-modules-5.10.0-16-loongson-3-di< 5.10.127-2speakup-modules-5.10.0-16-loongson-3-di_5.10.127-2_mips64el.deb
Debian11arm64usbip-dbgsym< 2.0+5.10.127-2usbip-dbgsym_2.0+5.10.127-2_arm64.deb
Rows per page:
1-10 of 8181

Related

osv 31
mageia 2
openvas 48
nessus 49
amazon 2
ubuntu 23
debiancve 5
cve 6
ubuntucve 5
prion 6
xen 3
fedora 2
photon 3
suse 6
debian 1
cbl_mariner 3
zdt 1
githubexploit 1
veracode 2
osv
osv
linux - security update
2022-07-26 00:00:00
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-kvm, linux-lowlatency vulnerabilities
2022-09-21 09:46:50
linux-gkeop vulnerabilities
2022-09-23 15:03:50
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-07-20 23:24:04
Updated kernel packages fix security vulnerabilities
2022-07-20 23:24:04
openvas
openvas
Debian: Security Advisory (DSA-5191-1)
2022-07-28 00:00:00
Mageia: Security Advisory (MGASA-2022-0264)
2022-07-21 00:00:00
Mageia: Security Advisory (MGASA-2022-0263)
2022-07-21 00:00:00
nessus
nessus
Debian DSA-5191-1 : linux - security update
2022-07-27 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-018)
2022-07-22 00:00:00
Amazon Linux AMI : kernel (ALAS-2022-1624)
2022-08-05 00:00:00
amazon
amazon
Important: kernel
2022-07-19 01:20:00
Important: kernel
2022-07-28 20:37:00
ubuntu
ubuntu
Linux kernel (GCP) vulnerabilities
2022-09-27 00:00:00
Linux kernel (GKE) vulnerabilities
2022-09-23 00:00:00
Linux kernel (GKE) vulnerabilities
2022-09-30 00:00:00
debiancve
debiancve
CVE-2022-33741
2022-07-05 13:15:00
CVE-2022-33740
2022-07-05 13:15:00
CVE-2022-33742
2022-07-05 13:15:00
cve
cve
CVE-2022-26365
2022-07-05 13:15:00
CVE-2022-33741
2022-07-05 13:15:00
CVE-2022-33742
2022-07-05 13:15:00
ubuntucve
ubuntucve
CVE-2022-33740
2022-07-05 00:00:00
CVE-2022-33741
2022-07-05 00:00:00
CVE-2022-33742
2022-07-05 00:00:00
prion
prion
Design/Logic Flaw
2022-07-05 13:15:00
Design/Logic Flaw
2022-07-05 13:15:00
Design/Logic Flaw
2022-07-05 13:15:00
xen
xen
Linux disk/nic frontends data leaks
2022-07-05 10:44:00
network backend may cause Linux netfront to use freed SKBs
2022-07-05 10:44:00
Arm guests can cause Dom0 DoS via PV devices
2022-07-05 10:44:00
fedora
fedora
[SECURITY] Fedora 36 Update: xen-4.16.1-5.fc36
2022-07-13 02:00:48
[SECURITY] Fedora 35 Update: xen-4.15.3-2.fc35
2022-07-23 02:27:29
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0238
2022-08-26 00:00:00
Important Photon OS Security Update - PHSA-2022-0517
2022-09-17 00:00:00
Critical Photon OS Security Update - PHSA-2022-0238
2022-08-26 00:00:00
suse
suse
Security update for xen (important)
2022-10-20 00:00:00
Security update for the Linux Kernel (important)
2022-08-10 00:00:00
Security update for the Linux Kernel (important)
2022-09-01 00:00:00
debian
debian
[SECURITY] [DLA 3131-1] linux security update
2022-10-02 16:44:48
cbl_mariner
cbl_mariner
CVE-2022-33743 affecting package kernel 5.10.144.1-1
2022-10-13 00:40:31
CVE-2022-33744 affecting package kernel 5.10.144.1-1
2022-10-13 00:40:31
CVE-2022-33744 affecting package kernel 5.15.57.1-1
2022-10-05 23:34:27
zdt
zdt
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation Exploit
2022-09-28 00:00:00
githubexploit
githubexploit
Exploit for Type Confusion in Linux Linux Kernel
2022-07-24 14:47:40
veracode
veracode
Authorization Bypass
2022-11-25 18:46:35
Denial Of Service (DoS)
2022-11-25 18:46:43

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

26.5%

JSON
Related for DEBIAN:DSA-5191-1:574E3
osv31mageia2openvas48nessus49amazon2ubuntu23debiancve5cve6ubuntucve5prion6xen3fedora2photon3suse6debian1cbl_mariner3zdt1githubexploit1veracode2