| Description: | Summary:
The remote host is missing an update for the Debian 'linux' package(s) announced via the DLA-3245-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2022-2978
butt3rflyh4ck, Hao Sun, and Jiacheng Xu reported a flaw in the nilfs2 filesystem driver which can lead to a use-after-free. A local use might be able to exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2022-3521
The syzbot tool found a race condition in the KCM subsystem which could lead to a crash.
This subsystem is not enabled in Debian's official kernel configurations.
CVE-2022-3524
The syzbot tool found a race condition in the IPv6 stack which could lead to a memory leak. A local user could exploit this to cause a denial of service (memory exhaustion).
CVE-2022-3564
A flaw was discovered in the Bluetooth L2CAP subsystem which would lead to a use-after-free. This might be exploitable to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2022-3565
A flaw was discovered in the mISDN driver which would lead to a use-after-free. This might be exploitable to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2022-3594
Andrew Gaul reported that the r8152 Ethernet driver would log excessive numbers of messages in response to network errors. A remote attacker could possibly exploit this to cause a denial of service (resource exhaustion).
CVE-2022-3621, CVE-2022-3646 The syzbot tool found flaws in the nilfs2 filesystem driver which can lead to a null pointer dereference or memory leak. A user permitted to mount arbitrary filesystem images could use these to cause a denial of service (crash or resource exhaustion).
CVE-2022-3628
Dokyung Song, Jisoo Jang, and Minsuk Kang reported a potential heap-based buffer overflow in the brcmfmac Wi-Fi driver. A user able to connect a malicious USB device could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2022-3640
A flaw was discovered in the Bluetooth L2CAP subsystem which would lead to a use-after-free. This might be exploitable to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2022-3643 (XSA-423) A flaw was discovered in the Xen network backend driver that would result in it generating malformed packet buffers. If these packets were forwarded to certain other network devices, a Xen guest could exploit this to cause a denial of service (crash or device reset).
CVE-2022-3649
The syzbot tool found flaws in the nilfs2 filesystem driver which can lead to a use-after-free. A user permitted to mount arbitrary filesystem images could use these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2022-4378
Kyle Zeng found a flaw in procfs that would ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux' package(s) on Debian 10.
Solution:
Please install the updated package(s).
CVSS Score:
1.9
CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
