Description:
Summary: The remote host is missing an update for the Debian 'linux' package(s) announced via the DLA-3065-1 advisory.
Vulnerability Insight: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
This update is unfortunately not available for the armel architecture.
CVE-2018-1108
It was discovered that the random driver could generate random bytes through /dev/random and the getrandom() system call before gathering enough entropy that these would be unpredictable. This could compromise the confidentiality and integrity of encrypted communications.
The original fix for this issue had to be reverted because it caused the boot process to hang on many systems. In this version, the random driver has been updated, making it more effective in gathering entropy without needing a hardware RNG.
CVE-2021-4149
Hao Sun reported a flaw in the Btrfs filesystem driver. There is a potential lock imbalance in an error path. A local user might be able to exploit this for denial of service.
CVE-2021-39713
The syzbot tool found a race condition in the network scheduling subsystem which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation.
CVE-2022-0494
The scsi_ioctl() function was susceptible to an information leak, exploitable only by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities.
CVE-2022-0812
It was discovered that the RDMA transport for NFS (xprtrdma) miscalculated the size of message headers, which could lead to a leak of sensitive information between NFS servers and clients.
CVE-2022-0854
Ali Haider discovered a potential information leak in the DMA subsystem. On systems where the swiotlb feature is needed, this might allow a local user to read sensitive information.
CVE-2022-1011
Jann Horn discovered a flaw in the FUSE (Filesystem in User-Space) implementation. A local user permitted to mount FUSE filesystems could exploit this to cause a use-after-free and read sensitive information.
CVE-2022-1012, CVE-2022-32296
Moshe Kol, Amit Klein, and Yossi Gilad discovered a weakness in randomisation of TCP source port selection.
CVE-2022-1016
David Bouman discovered a flaw in the netfilter subsystem where the nft_do_chain function did not initialize register data that nf_tables expressions can read from and write to. A local attacker can take advantage of this to read sensitive information.
CVE-2022-1198
Duoming Zhou discovered a race condition in the 6pack hamradio driver, which could lead to a use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.
CVE-2022-1199
Duoming Zhou discovered race conditions in the AX.25 hamradio protocol, which could lead to a use-after-free or null pointer dereference. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS: 'linux' package(s) on Debian 9.
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C