| Description: | Summary:
The remote host is missing an update for the Debian 'linux-5.10' package(s) announced via the DLA-3349-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2022-2873
Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service (system crash).
CVE-2022-3545
It was discovered that the Netronome Flow Processor (NFP) driver contained a use-after-free flaw in area_cache_get(), which may result in denial of service or the execution of arbitrary code.
CVE-2022-3623
A race condition when looking up a CONT-PTE/PMD size hugetlb page may result in denial of service or an information leak.
CVE-2022-4696
A use-after-free vulnerability was discovered in the io_uring subsystem.
CVE-2022-36280
An out-of-bounds memory write vulnerability was discovered in the vmwgfx driver, which may allow a local unprivileged user to cause a denial of service (system crash).
CVE-2022-41218
Hyunwoo Kim reported a use-after-free flaw in the Media DVB core subsystem caused by refcount races, which may allow a local user to cause a denial of service or escalate privileges.
CVE-2022-45934
An integer overflow in l2cap_config_req() in the Bluetooth subsystem was discovered, which may allow a physically proximate attacker to cause a denial of service (system crash).
CVE-2022-47929
Frederick Lawler reported a NULL pointer dereference in the traffic control subsystem allowing an unprivileged user to cause a denial of service by setting up a specially crafted traffic control configuration.
CVE-2023-0179
Davide Ornaghi discovered incorrect arithmetic when fetching VLAN header bits in the netfilter subsystem, allowing a local user to leak stack and heap addresses or potentially local privilege escalation to root.
CVE-2023-0240
A flaw was discovered in the io_uring subsystem that could lead to a use-after-free. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2023-0266
A use-after-free flaw in the sound subsystem due to missing locking may result in denial of service or privilege escalation.
CVE-2023-0394
Kyle Zeng discovered a NULL pointer dereference flaw in rawv6_push_pending_frames() in the network subsystem allowing a local user to cause a denial of service (system crash).
CVE-2023-23454
Kyle Zeng reported that the Class Based Queueing (CBQ) network scheduler was prone to denial of service due to interpreting classification results before checking the classification return code.
CVE-2023-23455
Kyle Zeng reported that the ATM Virtual Circuits (ATM) network scheduler was prone to a denial of service due to interpreting classification results before checking the classification return code.
CVE-2023-23586
A flaw was discovered in the io_uring subsystem that could lead to an information leak. A local user could exploit this to ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-5.10' package(s) on Debian 10.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
