CVE-2022-3565 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-4378 CVE-2022-20369 CVE-2022-29901 CVE-2022-40768 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2022-2978
"butt3rflyh4ck", Hao Sun, and Jiacheng Xu reported a flaw in the
nilfs2 filesystem driver which can lead to a use-after-free. A
local use might be able to exploit this to cause a denial of
service (crash or memory corruption) or possibly for privilege
escalation.
CVE-2022-3521
The syzbot tool found a race condition in the KCM subsystem
which could lead to a crash.
This subsystem is not enabled in Debian's official kernel
configurations.
CVE-2022-3524
The syzbot tool found a race condition in the IPv6 stack which
could lead to a memory leak. A local user could exploit this to
cause a denial of service (memory exhaustion).
CVE-2022-3564
A flaw was discovered in the Bluetooh L2CAP subsystem which
would lead to a use-after-free. This might be exploitable
to cause a denial of service (crash or memory corruption) or
possibly for privilege escalation.
CVE-2022-3565
A flaw was discovered in the mISDN driver which would lead to a
use-after-free. This might be exploitable to cause a denial of
service (crash or memory corruption) or possibly for privilege
escalation.
CVE-2022-3594
Andrew Gaul reported that the r8152 Ethernet driver would log
excessive numbers of messages in response to network errors. A
remote attacker could possibly exploit this to cause a denial of
service (resource exhaustion).
CVE-2022-3621, CVE-2022-3646
The syzbot tool found...
4.19.269-1