AVG-2753 log

Package linux-zen
Status Fixed
Severity High
Type multiple issues
Affected 5.18.1.zen1-1
Fixed 5.18.2.zen1-1
Current 6.11.3.zen1-1 [extra]
Ticket None
Created Tue Jun 7 12:10:12 2022
Issue Severity Remote Type Description
CVE-2022-1975 Medium Unknown Unknown
a sleep called in an atomic context could cause kernel panic during nfc firmware download
CVE-2022-1974 Medium No Information disclosure
a user with CAP_NET_ADMIN can use a race condition between kobject creation and delete to leak kernel information
CVE-2022-1972 High No Privilege escalation
a user with the ability to create user/net namespaces can exploit an out-of-bounds write in netflter to achieve privilege escalation to root.
CVE-2022-1966 High No Privilege escalation
a user with the ability to create user/net namespaces can exploit a use-after-free write in netflter to achieve privilege escalation to root.
CVE-2022-1734 High No Unknown
possible use-after-free due to race condition when simulating NFC device from user space
References
https://github.com/torvalds/linux/commit/c9a46a3d549286861259c19af4747e12cfaeece9
https://github.com/torvalds/linux/commit/8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0
Notes
TODO: check wether CVE-2022-1462, CVE-2022-1786 and CVE-2022-1852 belong here