SB2022072814 - Debian update for linux

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2021-33655)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in FBIOPUT_VSCREENINFO IOCTL. A local user can trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.

2) Use-after-free (CVE-ID: CVE-2022-2318)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error caused by timer handler in net/rose/rose_timer.c of linux. A local user can exploit the vulnerability to perform a denial of service attack.

3) Information disclosure (CVE-ID: CVE-2022-26365)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

4) Information disclosure (CVE-ID: CVE-2022-33740)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

5) Information disclosure (CVE-ID: CVE-2022-33741)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.

6) Information disclosure (CVE-ID: CVE-2022-33742)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.

7) Resource management error (CVE-ID: CVE-2022-33743)

The vulnerability allows a malicious network backend to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in eXpress Data Path support implementation in Xen, allowing Linux netfront to use freed SKBs. A malicious network backend can cause denial of service on the guest OS.

8) Resource management error (CVE-ID: CVE-2022-33744)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of foreign mappings performed by rbtree when mapping pages of Arm guests. An unprivileged Arm guest can cause inconsistencies of the rbtree via PV devices, which can lead to denial of service of dom0 and cause crashes or the inability to perform further mappings of other guests' memory pages.

9) Type Confusion (CVE-ID: CVE-2022-34918)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.debian.org/security/2022/dsa-5191