Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian: Security Advisory for linux (DSA-5092-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'linux' package(s) announced via the DSA-5092-1 advisory.
Insight
Insight
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-43976 Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An attacker able to connect a crafted USB device can take advantage of this flaw to cause a denial of service. CVE-2022-0330 Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the i915 driver, resulting in denial of service or privilege escalation. CVE-2022-0435 Samuel Page and Eric Dumazet reported a stack overflow in the networking module for the Transparent Inter-Process Communication (TIPC) protocol, resulting in denial of service or potentially the execution of arbitrary code. CVE-2022-0516 It was discovered that an insufficient check in the KVM subsystem for s390x could allow unauthorized memory read or write access. CVE-2022-0847 Max Kellermann discovered a flaw in the handling of pipe buffer flags. An attacker can take advantage of this flaw for local privilege escalation. CVE-2022-22942 It was discovered that wrong file file descriptor handling in the VMware Virtual GPU driver (vmwgfx) could result in information leak or privilege escalation. CVE-2022-24448 Lyu Tao reported a flaw in the NFS implementation in the Linux kernel when handling requests to open a directory on a regular file, which could result in a information leak. CVE-2022-24959 A memory leak was discovered in the yam_siocdevprivate() function of the YAM driver for AX.25, which could result in denial of service. CVE-2022-25258 Szymon Heidrich reported the USB Gadget subsystem lacks certain validation of interface OS descriptor requests, resulting in memory corruption. CVE-2022-25375 Szymon Heidrich reported that the RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command, resulting in information leak from kernel memory.
Affected Software
Affected Software
'linux' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For the stable distribution (bullseye), these problems have been fixed in version 5.10.92-2. We recommend that you upgrade your linux packages.