[SECURITY] [DSA 5492-1] linux security update

---

Debian Security Advisory DSA-5492-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 09, 2023 https://www.debian.org/security/faq

---

Package : linux
CVE ID : CVE-2023-1206 CVE-2023-1989 CVE-2023-2430 CVE-2023-2898
CVE-2023-3611 CVE-2023-3772 CVE-2023-3773 CVE-2023-3776
CVE-2023-3777 CVE-2023-3863 CVE-2023-4004 CVE-2023-4015
CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4155
CVE-2023-4194 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208
CVE-2023-4273 CVE-2023-4569 CVE-2023-4622 CVE-2023-20588
CVE-2023-34319 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-1206

It was discovered that the networking stack permits attackers to
force hash collisions in the IPv6 connection lookup table, which may
result in denial of service (significant increase in the cost of
lookups, increased CPU utilization).

CVE-2023-1989

Zheng Wang reported a race condition in the btsdio Bluetooth adapter
driver that can lead to a use-after-free. An attacker able to insert
and remove SDIO devices can use this to cause a denial of service
(crash or memory corruption) or possibly to run arbitrary code in
the kernel.

CVE-2023-2430

Xingyuan Mo discovered that the io_uring subsystem did not properly
handle locking when the target ring is configured with IOPOLL, which
may result in denial of service.

CVE-2023-2898

It was discovered that missing sanitising in the f2fs file
system may result in denial of service if a malformed file
system is accessed.

CVE-2023-3611

The TOTE Robot tool found a flaw in the Btrfs filesystem driver that
can lead to a use-after-free. It's unclear whether an unprivileged
user can exploit this.

CVE-2023-3772

Lin Ma discovered a NULL pointer dereference flaw in the XFRM
subsystem which may result in denial of service.

CVE-2023-3773

Lin Ma discovered a flaw in the the XFRM subsystem, which may result
in denial of service for a user with the CAP_NET_ADMIN capability in
any user or network namespace.

CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208

It was discovered that a use-after-free in the cls_fw, cls_u32 and
cls_route network classifiers may result in denial of service or
potential local privilege escalation.

CVE-2023-3777

Kevin Rich discovered a use-after-free in Netfilter when flushing
table rules, which may result in local privilege escalation for a
user with the CAP_NET_ADMIN capability in any user or network
namespace.

CVE-2023-3863

It was discovered that a use-after-free in the NFC implementation
may result in denial of service, an information leak or potential
local privilege escalation.

CVE-2023-4004

It was discovered that a use-after-free in Netfilter's
implementation of PIPAPO (PIle PAcket POlicies) may result in denial
of service or potential local privilege escalation for a user with
the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4015

Kevin Rich discovered a use-after-free in Netfilter when handling
bound chain deactivation in certain circumstances, may result in
denial of service or potential local privilege escalation for a user
with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4132

A use-after-free in the driver for Siano SMS1xxx based MDTV
receivers may result in local denial of service.

CVE-2023-4147

Kevin Rich discovered a use-after-free in Netfilter when adding a
rule with NFTA_RULE_CHAIN_ID, which may result in local privilege
escalation for a user with the CAP_NET_ADMIN capability in any user
or network namespace.

CVE-2023-4155

Andy Nguyen discovered a flaw in the KVM subsystem allowing a KVM
guest using EV-ES or SEV-SNP to cause a denial of service.

CVE-2023-4194

A type confusion in the implementation of TUN/TAP network devices
may allow a local user to bypass network filters.

CVE-2023-4273

Maxim Suhanov discovered a stack overflow in the exFAT driver, which
may result in local denial of service via a malformed file system.

CVE-2023-4569

lonial con discovered flaw in the Netfilter subsystem, which may
allow a local attacher to cause a double-deactivations of catchall
elements, which results in a memory leak.

CVE-2023-4622

Bing-Jhong Billy Jheng discovered a use-after-free within the Unix
domain sockets component, which may result in local privilege
escalation.

CVE-2023-20588

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and
Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1
micro architecture an integer division by zero may leave stale
quotient data from a previous division, resulting in a potential
leak of sensitive data.

CVE-2023-34319

Ross Lagerwall discovered a buffer overrun in Xen's netback driver
which may allow a Xen guest to cause denial of service to the
virtualisation host my sending malformed packets.

CVE-2023-40283

A use-after-free was discovered in Bluetooth L2CAP socket handling.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.52-1. This update is released without armel builds. Changes
in the new stable series import cause a substantial increase of the
compressed image for marvell flavour. This issue will be addressed in a
future linux update.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]