-------------------------------------------------------------------------
Debian LTS Advisory DLA-3508-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Ben Hutchings
July 27, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : linux
Version : 4.19.289-1
CVE ID : CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2269
CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3268
CVE-2023-3338 CVE-2023-20593 CVE-2023-31084 CVE-2023-32233
CVE-2023-34256 CVE-2023-35788 CVE-2023-35823 CVE-2023-35824
CVE-2023-35828
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2023-1380
Jisoo Jang reported a heap out-of-bounds read in the brcmfmac
Wi-Fi driver. On systems using this driver, a local user could
exploit this to read sensitive information or to cause a denial of
service (crash).
CVE-2023-2002
Ruiahn Li reported an incorrect permissions check in the Bluetooth
subsystem. A local user could exploit this to reconfigure local
Bluetooth interfaces, resulting in information leaks, spoofing, or
denial of service (loss of connection).
CVE-2023-2007
Lucas Leong (@_wmliang_) and Reno Robert of Trend Micro Zero Day
Initiative discovered a time-of-check-to-time-of-use flaw in the
dpt_i2o SCSI controller driver. A local user with access to a
SCSI device using this driver could exploit this for privilege
escalation.
This flaw has been mitigated by removing support for the I2OUSRCMD
operation.
CVE-2023-2269
Zheng Zhang reported that improper handling of locking in the
device mapper implementation may result in denial of service.
CVE-2023-3090
It was discovered that missing initialization in ipvlan networking
may lead to an out-of-bounds write vulnerability, resulting in
denial of service or potentially the execution of arbitrary code.
CVE-2023-3111
The TOTE Robot tool found a flaw in the Btrfs filesystem driver
that can lead to a use-after-free. It's unclear whether an
unprivileged user can exploit this.
CVE-2023-3141
A flaw was discovered in the r592 memstick driver that could lead
to a use-after-free after the driver is removed or unbound from a
device. The security impact of this is unclear.
CVE-2023-3268
It was discovered that an out-of-bounds memory access in relayfs
could result in denial of service or an information leak.
CVE-2023-3338
Ornaghi Davide discovered a flaw in the DECnet protocol
implementation which could lead to a null pointer dereference or
use-after-free. A local user can exploit this to cause a denial
of service (crash or memory corruption) and probably for privilege
escalation.
This flaw has been mitigated by removing the DECnet protocol
implementation.
CVE-2023-20593
Tavis Ormandy discovered that under specific microarchitectural
circumstances, a vector register in AMD "Zen 2" CPUs may not be
written to 0 correctly. This flaw allows an attacker to leak
sensitive information across concurrent processes, hyper threads
and virtualized guests.
For details please refer to
<https://lock.cmpxchg8b.com/zenbleed.html> and
<https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.
This issue can also be mitigated by a microcode update through the
amd64-microcode package or a system firmware (BIOS/UEFI) update.
However, the initial microcode release by AMD only provides
updates for second generation EPYC CPUs. Various Ryzen CPUs are
also affected, but no updates are available yet.
CVE-2023-31084
It was discovered that the DVB Core driver does not properly
handle locking of certain events, allowing a local user to cause a
denial of service.
CVE-2023-32233
Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw
in the Netfilter nf_tables implementation when processing batch
requests, which may result in local privilege escalation for a
user with the CAP_NET_ADMIN capability in any user or network
namespace.
CVE-2023-34256
The syzbot tool found a time-of-check-to-time-of-use flaw in the
ext4 filesystem driver. An attacker able to mount a disk image or
device that they can also write to directly could exploit this to
cause an out-of-bounds read, possibly resulting in a leak of
sensitive information or denial of service (crash).
CVE-2023-35788
Hangyu Hua discovered an out-of-bounds write vulnerability in the
Flower classifier which may result in denial of service or the
execution of arbitrary code.
CVE-2023-35823
A flaw was discovered in the saa7134 media driver that could lead
to a use-after-free after the driver is removed or unbound from a
device. The security impact of this is unclear.
CVE-2023-35824
A flaw was discovered in the dm1105 media driver that could lead
to a use-after-free after the driver is removed or unbound from a
device. The security impact of this is unclear.
CVE-2023-35828
A flaw was discovered in the renesas_udc USB device-mode driver
that could lead to a use-after-free after the driver is removed or
unbound from a device. The security impact of this is unclear.
This driver is not enabled in Debian's official kernel
configurations.
For Debian 10 buster, these problems have been fixed in version
4.19.289-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature