[continued from previous message]
as CONFIG_MMC_MOXART is not set.
CVE-2022-0492
Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does
not properly restrict access to the release-agent feature. A local
user can take advantage of this flaw for privilege escalation and
bypass of namespace isolation.
CVE-2022-0617
butt3rflyh4ck discovered a NULL pointer dereference in the UDF
filesystem. A local user that can mount a specially crafted UDF
image can use this flaw to crash the system.
CVE-2022-0644
Hao Sun reported a missing check for file read permission in the
finit_module() and kexec_file_load() system calls. The security
impact of this is unclear, since these system calls are usually
only available to the root user.
CVE-2022-22942
It was discovered that wrong file file descriptor handling in the
VMware Virtual GPU driver (vmwgfx) could result in information leak
or privilege escalation.
CVE-2022-24448
Lyu Tao reported a flaw in the NFS implementation in the Linux
kernel when handling requests to open a directory on a regular file,
which could result in a information leak.
CVE-2022-24959
A memory leak was discovered in the yam_siocdevprivate() function of
the YAM driver for AX.25, which could result in denial of service.
CVE-2022-25258
Szymon Heidrich reported the USB Gadget subsystem lacks certain
validation of interface OS descriptor requests, resulting in memory
corruption.
CVE-2022-25375
Szymon Heidrich reported that the RNDIS USB gadget lacks validation
of the size of the RNDIS_MSG_SET command, resulting in information
leak from kernel memory.
For the oldstable distribution (buster), these problems have been
fixed in version 4.19.232-1. This update additionally includes many
more bug fixes from stable updates 4.19.209-4.19.232 inclusive.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIotm1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RcGg//QBgf4RfElxd+11a+BZ9HWJFBjA5Wp2VStf1+inoZ7X/En7W9QBpVvmks Jum5QFpvA1waEP0zk0/O5MKXHtMbRMFdj0UUYQM7Vi3/vfeP73C10YmXv2yfG2Fw dTGnVHpvvdJSbNzxMG4jruNY5b0Bf/WEQSqtuOM6V2aBiI7Y2pSI6Ak/dvexiu+0 ycz6PTDkX66e/p7NONw+B33L8yTMj9yu1cCdoYdrDihVlrESgbMLHUWO9JKRQykk tsI2a79OIEkaj+yQwfkJu9njoPUTn6OZYUYxD8XaN8XtkDpwx1oVsiyqpslJEmgR vaS1DOEnIZXsq2pscSPeKfFM30uFgqAxkQm/zUpjGGSXib58xaaf/c61LCQoMU2g cSc+8+N1S2Lbcscdxd9TumvrOGJVuP/q/FqcOl4npcz1WLZRmc9f9IprdqUEy2iJ +YLSrFFOfhgMMP0El6KJvG/8Jz60UEAiWuYutT508w1jIRrvMRLW4i6V3NXHrNkx GDofOfPF8jNdt2Www+2sqEY51f+w2kffOSAnHGGPCASvWpuXFOw9ZyxnuyRRKKBE no9PH0X71a636sZGh8bIU25PSKQlhtlAfCP+0Fef7PeEKTz1MJf8Nvo+vgCIsani eGWa9jzdkVxHDEjxplX0stsByglCYyud7JSI1ZE9oLtJU1/xDBc=
=5fQT
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)