Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian: Security Advisory for linux (DSA-5161-1)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.2

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

2 months ago

Modified

Modified

2 months ago

Summary

The remote host is missing an update for the 'linux' package(s) announced via the DSA-5161-1 advisory.

Insight

Insight

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-0494 The scsi_ioctl() was susceptible to an information leak only exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities. CVE-2022-0854 Ali Haider discovered a potential information leak in the DMA subsystem. On systems where the swiotlb feature is needed, this might allow a local user to read sensitive information. CVE-2022-1012 The randomisation when calculating port offsets in the IP implementation was enhanced. CVE-2022-1729 Norbert Slusarek discovered a race condition in the perf subsystem which could result in local privilege escalation to root. The default settings in Debian prevent exploitation unless more permissive settings have been applied in the kernel.perf_event_paranoid sysctl. CVE-2022-1786 Kyle Zeng discovered a use-after-free in the io_uring subsystem which way result in local privilege escalation to root. CVE-2022-1789 / CVE-2022-1852 Yongkang Jia, Gaoning Pan and Qiuhao Li discovered two NULL pointer dereferences in KVM's CPU instruction handling, resulting in denial of service. CVE-2022-1966 Aaron Adams discovered a use-after-free in Netfilter which may result in local privilege escalation to root. CVE-2022-1972 Ziming Zhang discovered an out-of-bound write in Netfilter which may result in local privilege escalation to root. CVE-2022-1974 / CVE-2022-1975 Duoming Zhou discovered that the NFC netlink interface was suspectible to denial of service. CVE-2022-21499 It was discovered that the kernel debugger could be used to bypass UEFI Secure Boot restrictions. CVE-2022-28893 Felix Fu discovered a use-after-free in the implementation of the Remote Procedure Call (SunRPC) protocol, which could result in denial of service or an information leak.

Affected Software

Affected Software

'linux' package(s) on Debian Linux.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

For the stable distribution (bullseye), these problems have been fixed in version 5.10.120-1. We recommend that you upgrade your linux packages.