- -------------------------------------------------------------------------
Debian Security Advisory DSA-5127-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 02, 2022                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048
                 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199
                 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516
                 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388
                 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2021-4197

    Eric Biederman reported that incorrect permission checks in the
    cgroup process migration implementation can allow a local attacker
    to escalate privileges.

CVE-2022-0168

    A NULL pointer dereference flaw was found in the CIFS client
    implementation which can allow a local attacker with CAP_SYS_ADMIN
    privileges to crash the system. The security impact is negligible as
    CAP_SYS_ADMIN inherently gives the ability to deny service.

CVE-2022-1016

    David Bouman discovered a flaw in the netfilter subsystem where the
    nft_do_chain function did not initialize register data that
    nf_tables expressions can read from and write to. A local attacker
    can take advantage of this to read sensitive information.

CVE-2022-1048

    Hu Jiahui discovered a race condition in the sound subsystem that
    can result in a use-after-free. A local user permitted to access a
    PCM sound device can take advantage of this flaw to crash the
    system or potentially for privilege escalation.

CVE-2022-1158

    Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered a bug in the
    KVM implementation for x86 processors. A local user with access to
    /dev/kvm could cause the MMU emulator to update page table entry
    flags at the wrong address. They could exploit this to cause a
    denial of service (memory corruption or crash) or possibly for
    privilege escalation.

CVE-2022-1195

    Lin Ma discovered race conditions in the 6pack and mkiss hamradio
    drivers, which could lead to a use-after-free. A local user could
    exploit these to cause a denial of service (memory corruption or
    crash) or possibly for privilege escalation.

CVE-2022-1198

    Duoming Zhou discovered a race condition in the 6pack hamradio
    driver, which could lead to a use-after-free. A local user could
    exploit this to cause a denial of service (memory corruption or
    crash) or possibly for privilege escalation.

CVE-2022-1199, CVE-2022-1204, CVE-2022-1205

    Duoming Zhou discovered race conditions in the AX.25 hamradio
    protocol, which could lead to a use-after-free or null pointer
    dereference. A local user could exploit this to cause a denial of
    service (memory corruption or crash) or possibly for privilege
    escalation.

CVE-2022-1353

    The TCS Robot tool found an information leak in the PF_KEY
    subsystem. A local user can receive a netlink message when an
    IPsec daemon reegisters with the kernel, and this could include
    sensitive information.

CVE-2022-1516

    A NULL pointer dereference flaw in the implementation of the X.25
    set of standardized network protocols, which can result in denial
    of service.

    This driver is not enabled in Debian's official kernel
    configurations.

CVE-2022-26490

    Buffer overflows in the STMicroelectronics ST21NFCA core driver can
    result in denial of service or privilege escalation.

    This driver is not enabled in Debian's official kernel
    configurations.

CVE-2022-27666

    "valis" reported a possible buffer overflow in the IPsec ESP
    transformation code. A local user can take advantage of this flaw to
    cause a denial of service or for privilege escalation.

CVE-2022-28356

    Beraphin discovered that the ANSI/IEEE 802.2 LLC type 2 driver did
    not properly perform reference counting on some error paths. A
    local attacker can take advantage of this flaw to cause a denial
    of service.

CVE-2022-28388

    A double free vulnerability was discovered in the 8 devices USB2CAN
    interface driver.

CVE-2022-28389

    A double free vulnerability was discovered in the Microchip CAN BUS
    Analyzer interface driver.

CVE-2022-28390

    A double free vulnerability was discovered in the EMS CPC-USB/ARM7
    CAN/USB interface driver.

CVE-2022-29582

    Jayden Rivers and David Bouman discovered a user-after-free
    vulnerability in the io_uring subystem due to a race condition in
    io_uring timeouts. A local unprivileged user can take advantage of
    this flaw for privilege escalation.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.113-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-5127-1: linux security update

May 2, 2022
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2021-4197

Eric Biederman reported that incorrect permission checks in the
cgroup process migration implementation can allow a local attacker
to escalate privileges.

CVE-2022-0168

A NULL pointer dereference flaw was found in the CIFS client
implementation which can allow a local attacker with CAP_SYS_ADMIN
privileges to crash the system. The security impact is negligible as
CAP_SYS_ADMIN inherently gives the ability to deny service.

CVE-2022-1016

David Bouman discovered a flaw in the netfilter subsystem where the
nft_do_chain function did not initialize register data that
nf_tables expressions can read from and write to. A local attacker
can take advantage of this to read sensitive information.

CVE-2022-1048

Hu Jiahui discovered a race condition in the sound subsystem that
can result in a use-after-free. A local user permitted to access a
PCM sound device can take advantage of this flaw to crash the
system or potentially for privilege escalation.

CVE-2022-1158

Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered a bug in the
KVM implementation for x86 processors. A local user with access to
/dev/kvm could cause the MMU emulator to update page table entry
flags at the wrong address. They could exploit this to cause a
denial of service (memory corruption or crash) or possibly for
privilege escalation.

CVE-2022-1195

Lin Ma discovered race conditions in the 6pack and mkiss hamradio
drivers, which could lead to a use-after-free. A local user could
exploit these to cause a denial of service (memory corruption or
crash) or possibly for privilege escalation.

CVE-2022-1198

Duoming Zhou discovered a race condition in the 6pack hamradio
driver, which could lead to a use-after-free. A local user could
exploit this to cause a denial of service (memory corruption or
crash) or possibly for privilege escalation.

CVE-2022-1199, CVE-2022-1204, CVE-2022-1205

Duoming Zhou discovered race conditions in the AX.25 hamradio
protocol, which could lead to a use-after-free or null pointer
dereference. A local user could exploit this to cause a denial of
service (memory corruption or crash) or possibly for privilege
escalation.

CVE-2022-1353

The TCS Robot tool found an information leak in the PF_KEY
subsystem. A local user can receive a netlink message when an
IPsec daemon reegisters with the kernel, and this could include
sensitive information.

CVE-2022-1516

A NULL pointer dereference flaw in the implementation of the X.25
set of standardized network protocols, which can result in denial
of service.

This driver is not enabled in Debian's official kernel
configurations.

CVE-2022-26490

Buffer overflows in the STMicroelectronics ST21NFCA core driver can
result in denial of service or privilege escalation.

This driver is not enabled in Debian's official kernel
configurations.

CVE-2022-27666

"valis" reported a possible buffer overflow in the IPsec ESP
transformation code. A local user can take advantage of this flaw to
cause a denial of service or for privilege escalation.

CVE-2022-28356

Beraphin discovered that the ANSI/IEEE 802.2 LLC type 2 driver did
not properly perform reference counting on some error paths. A
local attacker can take advantage of this flaw to cause a denial
of service.

CVE-2022-28388

A double free vulnerability was discovered in the 8 devices USB2CAN
interface driver.

CVE-2022-28389

A double free vulnerability was discovered in the Microchip CAN BUS
Analyzer interface driver.

CVE-2022-28390

A double free vulnerability was discovered in the EMS CPC-USB/ARM7
CAN/USB interface driver.

CVE-2022-29582

Jayden Rivers and David Bouman discovered a user-after-free
vulnerability in the io_uring subystem due to a race condition in
io_uring timeouts. A local unprivileged user can take advantage of
this flaw for privilege escalation.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.113-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up