Debian Security Advisory
DSA-5095-1 linux -- security update
- Date Reported:
- 09 Mar 2022
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 990279.
In Mitre's CVE dictionary: CVE-2020-36310, CVE-2022-0001, CVE-2022-0002, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-25636.
- More information:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
A flaw was discovered in the KVM implementation for AMD processors, which could lead to an infinite loop. A malicious VM guest could exploit this to cause a denial of service.
- CVE-2022-0001 (INTEL-SA-00598)
Researchers at VUSec discovered that the Branch History Buffer in Intel processors can be exploited to create information side channels with speculative execution. This issue is similar to Spectre variant 2, but requires additional mitigations on some processors.
This can be exploited to obtain sensitive information from a different security context, such as from user-space to the kernel, or from a KVM guest to the kernel.
- CVE-2022-0002 (INTEL-SA-00598)
This is a similar issue to CVE-2022-0001, but covers exploitation within a security context, such as from JIT-compiled code in a sandbox to hosting code in the same process.
This is partly mitigated by disabling eBPF for unprivileged users with the sysctl: kernel.unprivileged_bpf_disabled=2. This is already the default in Debian 11
A use-after-free was discovered in the MOXART SD/MMC Host Controller support driver. This flaw does not impact the Debian binary packages as CONFIG_MMC_MOXART is not set.
Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does not properly restrict access to the release-agent feature. A local user can take advantage of this flaw for privilege escalation and bypass of namespace isolation.
butt3rflyh4ck discovered a NULL pointer dereference in the UDF filesystem. A local user that can mount a specially crafted UDF image can use this flaw to crash the system.
Nick Gregory reported a heap out-of-bounds write flaw in the netfilter subsystem. A user with the CAP_NET_ADMIN capability could use this for denial of service or possibly for privilege escalation.
For the stable distribution (bullseye), these problems have been fixed in version 5.10.103-1. This update additionally includes many more bug fixes from stable updates 5.10.93-5.10.103 inclusive.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux