AVG-2754 log

Package linux-lts
Status Fixed
Severity High
Type multiple issues
Affected 5.15.44-1
Fixed 5.15.45-1
Current 5.15.60-1 [core]
Ticket None
Created Tue Jun 7 12:14:20 2022
Issue Severity Remote Type Description
CVE-2022-2318 Unknown Unknown Unknown
CVE-2022-1975 Medium Unknown Unknown
a sleep called in an atomic context could cause kernel panic during nfc firmware download
CVE-2022-1974 Medium No Information disclosure
a user with CAP_NET_ADMIN can use a race condition between kobject creation and delete to leak kernel information
CVE-2022-1972 High No Privilege escalation
a user with the ability to create user/net namespaces can exploit an out-of-bounds write in netflter to achieve privilege escalation to root.
CVE-2022-1966 High No Privilege escalation
a user with the ability to create user/net namespaces can exploit a use-after-free write in netflter to achieve privilege escalation to root.
CVE-2022-1734 High No Unknown
possible use-after-free due to race condition when simulating NFC device from user space
References
https://github.com/torvalds/linux/commit/f692bcffd1f2ce5488d24fbcb8eab5f351abf79d
https://github.com/torvalds/linux/commit/89ef50fe03a55feccf5681c237673a2f98161161
https://github.com/torvalds/linux/commit/a2168fb3128a576d0175443403c15dcf8bf128f6
https://github.com/torvalds/linux/commit/7bd81a05d48942ef2c48630e5e7963b187e95727
https://github.com/torvalds/linux/commit/b8f2b836e7d0a553b886654e8b3925a85862d2eb
https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6
Notes
TODO: check wether CVE-2022-1462, CVE-2022-1786 and CVE-2022-1852 belong here