Debian 10216 Published by

A linux security update has been released for Debian GNU/Linux 11 to address several vulnerabilities.



DSA 5050-1: linux security update



- -------------------------------------------------------------------------
Debian Security Advisory DSA-5050-1 security@debian.org
  https://www.debian.org/security/ Salvatore Bonaccorso
January 20, 2022   https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713
CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095
CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222
Debian Bug : 988044 996974

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2021-4155

Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
IOCTL in the XFS filesystem allowed for a size increase of files
with unaligned size. A local attacker can take advantage of this
flaw to leak data on the XFS filesystem.

CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)

Juergen Gross reported that malicious PV backends can cause a denial
of service to guests being serviced by those backends via high
frequency events, even if those backends are running in a less
privileged environment.

CVE-2021-28714, CVE-2021-28715 (XSA-392)

Juergen Gross discovered that Xen guests can force the Linux
netback driver to hog large amounts of kernel memory, resulting in
denial of service.

CVE-2021-39685

Szymon Heidrich discovered a buffer overflow vulnerability in the
USB gadget subsystem, resulting in information disclosure, denial of
service or privilege escalation.

CVE-2021-45095

It was discovered that the Phone Network protocol (PhoNet) driver
has a reference count leak in the pep_sock_accept() function.

CVE-2021-45469

Wenqing Liu reported an out-of-bounds memory access in the f2fs
implementation if an inode has an invalid last xattr entry. An
attacker able to mount a specially crafted image can take advantage
of this flaw for denial of service.

CVE-2021-45480

A memory leak flaw was discovered in the __rds_conn_create()
function in the RDS (Reliable Datagram Sockets) protocol subsystem.

CVE-2022-0185

William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje
Misetic and Philip Papurt discovered a heap-based buffer overflow
flaw in the legacy_parse_param function in the Filesystem Context
functionality, allowing an local user (with CAP_SYS_ADMIN capability
in the current namespace) to escalate privileges.

CVE-2022-23222

'tr3e' discovered that the BPF verifier does not properly restrict
several *_OR_NULL pointer types allowing these types to do pointer
arithmetic. A local user with the ability to call bpf(), can take
advantage of this flaw to excalate privileges. Unprivileged calls to
bpf() are disabled by default in Debian, mitigating this flaw.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.92-1. This version includes changes which were aimed to
land in the next Debian bullseye point release.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
  https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://www.debian.org/security/