Debian Security Advisory 5402-1 – Torchsec

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5402-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
May 13, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2023-0386 CVE-2023-31436 CVE-2023-32233

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-0386

It was discovered that under certain conditions the overlayfs
filesystem implementation did not properly handle copy up
operations. A local user permitted to mount overlay mounts in user
namespaces can take advantage of this flaw for local privilege
escalation.

CVE-2023-31436

Gwangun Jung reported a a flaw causing heap out-of-bounds read/write
errors in the traffic control subsystem for the Quick Fair Queueing
scheduler (QFQ) which may result in information leak, denial of
service or privilege escalation.

CVE-2023-32233

Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in
the Netfilter nf_tables implementation when processing batch
requests, which may result in local privilege escalation for a user
with the CAP_NET_ADMIN capability in any user or network namespace.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.179-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRfblBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S/ehAAimoZ2PphbMF53apge94ZKEnKKG2k43nEIDBumQsa8tFCmVxHKrxTV+qo
2OnkmuXO2W7kexlHNtnHfKie7pYI+0vLrxNQqyBBDHfUAvUC7cvVgZUG+O+K9v+r
TY60UJBkVwW3bY99MUMtwSsy0pN7dHqc/YQTWacPYSVuZ/GRn5/PLhDu9p6vdROD
BxYtcGF93I0EfGgjCqPZ16rivCwtIck4/GaQCBgypDa2N0h92Y/uTEebaA3LEC72
DuiJc1kPHpecGe11Xay1+KVt0q3CjwAxbjj740t/ySn+OzGqbSRpLk5IIsLuZL8F
hh+tsB3PDTpO9yOVNokO7h0wlja03uVFyddwPf8jkv0fsFo26OTkl1aISA6/gmT2
hymNBwPs5OAxX2f7Fe9jwHllBlLCb+xwiejBcrdNUMOsG2Krd7B5ABlj4shQPylQ
9NxPHgk9GrCjBFcRaCPoQBaIw5AT7R3Rv7xkyH/XzlXCvuckiJlZMwIw7AVDnRtv
orZ42xSxaZu1AyIVv48f2JinLrLTBIjj7BQrzq5M+9SXL3bGbv9ChzwoxSK7STc4
UJ13fZxmQbC50c0xmT1VbiYDIeE85cCOkuF+Heyqw3vJioFFl9tHEt8GT1FrHoUl
9IcX1l0CB62Sh7s8jdFnvSVur5ZfZbXyUIxWeNIHrF9PinQsVJY=
=sqnY
-----END PGP SIGNATURE-----