summaryrefslogtreecommitdiffstats
path: root/dsa-texts/5.10.120-1
blob: 44ad389ac7a8ff63f7d11caae304dd2d06dc969a (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

Package: linux
CVE ID: CVE-2022-0494 CVE-2022-1012 CVE-2022-1729 CVE-2022-1786 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-21499 CVE-2022-28893

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-0494

    The scsi_ioctl() was susceptible to an information leak only
    exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO
    capabilities.

CVE-2022-1012

    The randomisation when calculating port offsets in the IP implementation
    was enhanced.

CVE-2022-1729

    Norbert Slusarek discovered a race condition in the perf subsystem
    which could result in local privilege escalation to root. The default
    settings in Debian prevent exploitation unless more permissive settings
    have been applied in the kernel.perf_event_paranoid sysctl.

CVE-2022-1786

     Kyle Zeng discovered a use-after-free in the io_uring subsystem which
     way result in local privilege escalation to root.

CVE-2022-1789 / CVE-2022-1852

    Yongkang Jia, Gaoning Pan and Qiuhao Li discovered two NULL pointer
    dereferences in KVM's CPU instruction handling, resulting in denial
    of service.

CVE-2022-1966

    Aaron Adams discovered a use-after-free in Netfilter which may
    result in local privilege escalation to root.

CVE-2022-1972

    Ziming Zhang discovered an out-of-bound write in Netfilter which may
    result in local privilege escalation to root.

CVE-2022-1974 / CVE-2022-1975

    Duoming Zhou discovered that the NFC netlink interface was suspectible
    to denial of service.

CVE-2022-21499

    It was discovered that the kernel debugger could be used to bypass
    UEFI Secure Boot restrictions.

CVE-2022-28893

    Felix Fu discovered a use-after-free in the implementation of the Remote Procedure
    Call (SunRPC) protocol, which could in denial of service or an information leak.


TODO: CVE-2022-1734 in data/CVE/list with '[bullseye] - linux 5.10.120-1'
without mentioning in the DSA advisory.

© 2014-2024 Faster IT GmbH | imprint | privacy policy