Debian update for linux 4.19



Published: 2022-03-14 | Updated: 2023-01-31
Risk High
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2021-42739
CVE-2021-43976
CVE-2021-44733
CVE-2022-0001
CVE-2022-0002
CVE-2022-0330
CVE-2022-0435
CVE-2022-0487
CVE-2022-0492
CVE-2022-0617
CVE-2022-22942
CVE-2022-24448
CVE-2022-25258
CVE-2022-25375
CVE-2021-39698
CVE-2020-36322
CVE-2021-4083
CVE-2021-4155
CVE-2021-20317
CVE-2021-39686
CVE-2021-20321
CVE-2021-28950
CVE-2021-39685
CWE-ID CWE-119
CWE-20
CWE-416
CWE-200
CWE-121
CWE-264
CWE-476
CWE-909
CWE-668
CWE-404
CWE-665
CWE-362
CWE-834
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #23 is available.
Vulnerable software
Subscribe
linux (Debian package)
Operating systems & Components / Operating system package or component

Vendor Debian

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU59474

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-42739

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Input validation error

EUVDB-ID: #VU61215

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-43976

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Use-after-free

EUVDB-ID: #VU59100

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-44733

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU61199

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0002

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU60988

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0330

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a random memory access flaw caused by a missing TLB flush in Linux kernel GPU i915 kernel driver functionality. A local user can execute arbitrary code on the system with elevated privileges.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Stack-based buffer overflow

EUVDB-ID: #VU61216

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0435

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the TIPC bearer is set up.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Use-after-free

EUVDB-ID: #VU61181

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0487

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61245

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0492

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in  kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) NULL pointer dereference

EUVDB-ID: #VU61210

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0617

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61217

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22942

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in the vmwgfx driver in Linux kernel. A local unprivileged user can gain access to files opened by other processes on the system through a dangling 'file' pointer.

Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Missing initialization of resource

EUVDB-ID: #VU61211

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-24448

CWE-ID: CWE-909 - Missing initialization of resource

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) NULL pointer dereference

EUVDB-ID: #VU61270

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-25258

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error drivers/usb/gadget/composite.c in the Linux kernel. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). A local user can run a specially crafted program to trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU61269

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-25375

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in drivers/usb/gadget/function/rndis.c in the Linux kernel. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. A local user can run a specially crafted program to gain access to kernel memory.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Use-after-free

EUVDB-ID: #VU61097

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-39698

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Use-after-free

EUVDB-ID: #VU61246

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-4083

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's garbage collection for Unix domain socket file handlers. A local user can call close() and fget() simultaneously and can potentially trigger a race condition, which in turn leads to a use-after-free error and allows privilege escalation.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU59812

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-4155

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to the OS kernel does not impose correctly security restrictions. A local user can gain access to sensitive information on the system.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Improper Initialization

EUVDB-ID: #VU58208

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20317

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization the Linux kernel. A corrupted timer tree causes the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. A local user can run a specially crafted application to crash the kernel.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Race condition

EUVDB-ID: #VU61096

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-39686

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the binder implementation in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Race condition

EUVDB-ID: #VU59084

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20321

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attacks.

The vulnerability exists due to a race condition when accessing file object in the Linux kernel OverlayFS subsystem. A local user can rename files in specific way with OverlayFS and perform a denial of service (DoS) attack.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Excessive Iteration

EUVDB-ID: #VU58207

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-28950

CWE-ID: CWE-834 - Excessive Iteration

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive iteration in fs/fuse/fuse_i.h in the Linux kernel. A local user can run a specially crafted program to perform a denial of service attack.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Buffer overflow

EUVDB-ID: #VU61095

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-39685

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a malicious host to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the USB subsystem in Linux kernel. A malicious USB device can trigger memory corruption and execute arbitrary code on the system.

Mitigation

Update linux package to version 4.19.232-1.

Vulnerable software versions

linux (Debian package): before 4.19.232-1


CPE2.3
External links

http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###