Univention Bugzilla – Bug 56387
linux-latest: Multiple issues (5.0)
Last modified: 2023-08-14 10:51:30 CEST
New Debian linux-latest 105+deb10u20 fixes: This update addresses the following issues: * CVE-2023-1380: A slab-out-of-bound read problem was found in `brcmf_get_assoc_ies` in `drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c` in the Linux Kernel. This issue could occur when `assoc_info->req_len` data is bigger than the size of the buffer, defined as `WL_EXTRA_BUF_MAX`, leading to a denial of service. * CVE-2023-2002: A vulnerability was found in the `HCI` sockets implementation due to a missing capability check in `net/bluetooth/hci_sock.c` in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2007: The specific flaw exists within the "DPT I2O Controller" driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. * CVE-2023-2269: A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in `table_clear` in `drivers/md/dm-ioctl.c` in the Linux Kernel Device Mapper-Multipathing sub-component. * CVE-2023-3090: A heap out-of-bounds write vulnerability in the Linux Kernel `ipvlan` network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing `skb->cb` initialization in the `ipvlan` network driver. The vulnerability is reachable if `CONFIG_IPVLAN` is enabled. * CVE-2023-3111: A use after free vulnerability was found in `prepare_to_relocate` in `fs/btrfs/relocation.c` in `btrfs` in the Linux Kernel. This possible flaw can be triggered by calling `btrfs_ioctl_balance()` before calling `btrfs_ioctl_defrag()`. * CVE-2023-3141: A use-after-free flaw was found in `r592_remove` in `drivers/memstick/host/r592.c` in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. * CVE-2023-3268: An out of bounds (OOB) memory access flaw was found in the Linux kernel in `relay_file_read_start_pos` in `kernel/relay.c` in the `relayfs`. This flaw could allow a local attacker to crash the system or leak kernel internal information. * CVE-2023-3338: A NULL pointer dereference flaw was found in the Linux kernel's `DECnet` networking protocol. This issue could allow a remote user to crash the system. * CVE-2023-20593: An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. * CVE-2023-31084: An issue was discovered in `drivers/media/dvb-core/dvb_frontend.c` in the Linux kernel. There is a blocking operation when a task is in `!TASK_RUNNING`. In `dvb_frontend_get_event`, `wait_event_interruptible` is called; the condition is `dvb_frontend_test_event(fepriv,events)`. In `dvb_frontend_test_event`, `down(&fepriv->sem)` is called. However, `wait_event_interruptible` would put the process to sleep, and `down(&fepriv->sem)` may block the process. * CVE-2023-32233: A use-after-free in `Netfilter nf_tables` when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. * CVE-2023-34256: There is an out-of-bounds read in `crc16` in `lib/crc16.c` when called from `fs/ext4/super.c` because `ext4_group_desc_csum` does not properly check an offset. * CVE-2023-35788: An issue in `fl_set_geneve_opt` in `net/sched/cls_flower.c` in the Linux kernel allows an out-of-bounds write in the flower classifier code via `TCA_FLOWER_KEY_ENC_OPTS_GENEVE` packets. This may result in denial of service or privilege escalation. * CVE-2023-35823: A use-after-free was found in `saa7134_finidev` in `drivers/media/pci/saa7134/saa7134-core.c`. * CVE-2023-35824: A use-after-free was found in `dm1105_remove` in `drivers/media/pci/dm1105/dm1105.c`. Debian update 105+deb10u20
--- mirror/ftp/pool/main/l/linux-latest/linux-latest_105+deb10u19.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/linux-latest_105+deb10u20.dsc @@ -1,3 +1,7 @@ +105+deb10u20 [Tue, 25 Jul 2023 20:16:23 +0200] Ben Hutchings <benh@debian.org>: + + * Update to 4.19.0-25 + 105+deb10u19 [Wed, 03 May 2023 00:36:44 +0200] Ben Hutchings <benh@debian.org>: * Update to 4.19.0-24 <http://piuparts.knut.univention.de/5.0-4/#4365624239595468127>
https://errata.software-univention.de/#/?erratum=5.0x763 *** This bug has been marked as a duplicate of bug 56376 ***