DSA-5324-1 linux -- linuxID: oval:org.secpod.oval:def:89325 | Date: (C)2023-04-25 (M)2024-04-25 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-2873 Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service . CVE-2022-3545 It was discovered that the Netronome Flow Processor driver contained a use-after-free flaw in area_cache_get, which may result in denial of service or the execution of arbitrary code. CVE-2022-3623 A race condition when looking up a CONT-PTE/PMD size hugetlb page may result in denial of service or an information leak. CVE-2022-4696 A use-after-free vulnerability was discovered in the io_uring subsystem. CVE-2022-36280 An out-of-bounds memory write vulnerability was discovered in the vmwgfx driver, which may allow a local unprivileged user to cause a denial of service . CVE-2022-41218 Hyunwoo Kim reported a use-after-free flaw in the Media DVB core subsystem caused by refcount races, which may allow a local user to cause a denial of service or escalate privileges. CVE-2022-45934 An integer overflow in l2cap_config_req in the Bluetooth subsystem was discovered, which may allow a physically proximate attacker to cause a denial of service . CVE-2022-47929 Frederick Lawler reported a NULL pointer dereference in the traffic control subsystem allowing an unprivileged user to cause a denial of service by setting up a specially crafted traffic control configuration. CVE-2023-0179 Davide Ornaghi discovered incorrect arithmetics when fetching VLAN header bits in the netfilter subsystem, allowing a local user to leak stack and heap addresses or potentially local privilege escalation to root. CVE-2023-0266 A use-after-free flaw in the sound subsystem due to missing locking may result in denial of service or privilege escalation. CVE-2023-0394 Kyle Zeng discovered a NULL pointer dereference flaw in rawv6_push_pending_frames in the network subsystem allowing a local user to cause a denial of service . CVE-2023-23454 Kyle Zeng reported that the Class Based Queueing network scheduler was prone to denial of service due to interpreting classification results before checking the classification return code. CVE-2023-23455 Kyle Zeng reported that the ATM Virtual Circuits network scheduler was prone to a denial of service due to interpreting classification results before checking the classification return code.
Product: |
linux-support-5.10 |
linux-image-5.10 |
linux-headers-5.10 |
bpftool |
hyperv-daemons |
libcpupower-dev |
libcpupower1 |
usbip |