Debian Linux OS


By the Year

In 2022 there have been 598 vulnerabilities in Debian Linux with an average score of 7.2 out of ten. Last year Debian Linux had 998 security vulnerabilities published. Right now, Debian Linux is on track to have fewer security vulnerabilities in 2022 than it did last year. Last year, the average CVE base score was greater by 0.05.

Year Vulnerabilities Average Score
2022 598 7.20
2021 998 7.25
2020 938 6.82
2019 798 7.35
2018 1117 7.31

It may take a day or so for new Debian Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Debian Linux Security Vulnerabilities

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2

CVE-2022-44789 8.8 - High - November 23, 2022

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Buffer Overflow

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos

CVE-2022-41916 7.5 - High - November 15, 2022

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

off-by-five

sysstat is a set of system performance tools for the Linux operating system

CVE-2022-39377 9.8 - Critical - November 08, 2022

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Classic Buffer Overflow

Xenstore: Guests can crash xenstored via exhausting the stack

CVE-2022-42321 6.5 - Medium - November 01, 2022

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.

Stack Exhaustion

Xenstore: Cooperating guests can create arbitrary numbers of nodes

CVE-2022-42322 5.5 - Medium - November 01, 2022

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.

Memory Leak

Xenstore: Cooperating guests can create arbitrary numbers of nodes

CVE-2022-42323 5.5 - Medium - November 01, 2022

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.

Memory Leak

Xenstore: Guests can create arbitrary number of nodes

CVE-2022-42325 5.5 - Medium - November 01, 2022

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.

Memory Leak

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path

CVE-2022-42309 8.8 - High - November 01, 2022

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

Release of Invalid Pointer or Reference

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error

CVE-2022-42310 5.5 - Medium - November 01, 2022

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.

Insufficient Cleanup

Xenstore: guests can let run xenstored out of memory

CVE-2022-42317 6.5 - Medium - November 01, 2022

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction

Allocation of Resources Without Limits or Throttling

Xenstore: guests can let run xenstored out of memory

CVE-2022-42318 6.5 - Medium - November 01, 2022

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction

Allocation of Resources Without Limits or Throttling

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest

CVE-2022-42319 6.5 - Medium - November 01, 2022

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

Memory Leak

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid

CVE-2022-42320 7 - High - November 01, 2022

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.

Insufficient Cleanup

Xenstore: Guests can create arbitrary number of nodes

CVE-2022-42326 5.5 - Medium - November 01, 2022

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.

Memory Leak

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate

CVE-2022-40617 7.5 - High - October 31, 2022

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Resource Exhaustion

In libexpat through 2.4.9

CVE-2022-43680 7.5 - High - October 24, 2022

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Dangling pointer

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow

CVE-2022-37454 9.8 - Critical - October 21, 2022

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Integer Overflow or Wraparound

A vulnerability was found in Linux Kernel

CVE-2022-3629 3.3 - Low - October 21, 2022

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.

Improper Resource Shutdown or Release

A vulnerability was found in Linux Kernel

CVE-2022-3625 7.8 - High - October 21, 2022

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.

Buffer Overflow

A vulnerability was found in Linux Kernel

CVE-2022-3621 7.5 - High - October 20, 2022

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.

NULL Pointer Dereference

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module

CVE-2022-41742 7.1 - High - October 19, 2022

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Memory Corruption

A flaw was found in the Linux kernels networking code

CVE-2022-3586 5.5 - Medium - October 19, 2022

A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.

Dangling pointer

A vulnerability, which was classified as problematic, has been found in X.org Server

CVE-2022-3551 6.5 - Medium - October 17, 2022

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

Improper Resource Shutdown or Release

A vulnerability classified as critical was found in X.org Server

CVE-2022-3550 8.8 - High - October 17, 2022

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

Buffer Overflow

In the Linux kernel 5.8 through 5.19.x before 5.19.16

CVE-2022-42722 5.5 - Medium - October 14, 2022

In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

NULL Pointer Dereference

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16

CVE-2022-42721 5.5 - Medium - October 14, 2022

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

Infinite Loop

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

CVE-2022-42720 7.8 - High - October 14, 2022

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

Dangling pointer

An issue was discovered in the Linux kernel before 5.19.16

CVE-2022-41674 8.1 - High - October 14, 2022

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

Memory Corruption

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

CVE-2022-42719 8.8 - High - October 13, 2022

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Dangling pointer

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py

CVE-2022-42902 8.8 - High - October 13, 2022

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4

CVE-2022-41404 7.5 - High - October 11, 2022

An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server

CVE-2022-3140 6.3 - Medium - October 11, 2022

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments. When clicked on, or activated by document events, such links could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.

Argument Injection

In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free

CVE-2022-20421 7.8 - High - October 11, 2022

In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel.

Dangling pointer

** DISPUTED ** A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js

CVE-2022-37616 9.8 - Critical - October 11, 2022

** DISPUTED ** A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid."

Prototype Pollution

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called

CVE-2022-2928 6.5 - Medium - October 07, 2022

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

NULL Pointer Dereference

In ISC DHCP 1.0 -> 4.4.3

CVE-2022-2929 6.5 - Medium - October 07, 2022

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Allocation of Resources Without Limits or Throttling

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur

CVE-2022-42003 7.5 - High - October 02, 2022

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix versions are 2.13.4.1 and 2.12.17.1.

Marshaling, Unmarshaling

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer

CVE-2022-42004 7.5 - High - October 02, 2022

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Marshaling, Unmarshaling

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby

CVE-2016-2338 9.8 - Critical - September 29, 2022

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the array's size after that allocation and cause a heap overflow.

Memory Corruption

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77

CVE-2021-43980 3.7 - Low - September 28, 2022

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

Race Condition

Twig is a template language for PHP

CVE-2022-39261 7.5 - High - September 28, 2022

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.

Directory traversal

ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c

CVE-2022-32166 8.8 - High - September 28, 2022

ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison in the minimasks function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Out-of-bounds Read

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking

CVE-2022-3303 4.7 - Medium - September 27, 2022

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or a member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.

Race Condition

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125

CVE-2022-3201 5.4 - Medium - September 26, 2022

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

Improper Input Validation

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity

CVE-2022-40188 7.5 - High - September 23, 2022

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

Resource Exhaustion

By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance

CVE-2022-2795 7.5 - High - September 21, 2022

By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Resource Exhaustion

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak

CVE-2022-38178 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak

CVE-2022-38177 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB

CVE-2022-41222 7 - High - September 21, 2022

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

Dangling pointer

A buffer overflow issue was addressed with improved memory handling

CVE-2022-32886 8.8 - High - September 20, 2022

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2

CVE-2022-28203 7.5 - High - September 19, 2022

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

Release of Invalid Pointer or Reference

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2

CVE-2022-28201 4.4 - Medium - September 19, 2022

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

Stack Exhaustion

There exists a use-after-free in io_uring in the Linux kernel

CVE-2022-3176 7.8 - High - September 16, 2022

There exists a use-after-free in io_uring in the Linux kernel. signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659.

Dangling pointer

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

CVE-2022-40674 9.8 - Critical - September 14, 2022

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Dangling pointer

In lighttpd 1.4.65

CVE-2022-37797 7.5 - High - September 12, 2022

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.

NULL Pointer Dereference

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map

CVE-2022-2905 5.5 - Medium - September 09, 2022

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

Out-of-bounds Read

An issue was discovered in the Linux kernel through 5.19.8

CVE-2022-40307 4.7 - Medium - September 09, 2022

An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.

Dangling pointer

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse

CVE-2022-40023 7.5 - High - September 07, 2022

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

A vulnerability was found in the PCS project

CVE-2022-2735 7.8 - High - September 06, 2022

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

Incorrect Default Permissions

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS)

CVE-2022-38751 6.5 - Medium - September 05, 2022

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Memory Corruption

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS)

CVE-2022-38750 5.5 - Medium - September 05, 2022

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Memory Corruption

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS)

CVE-2022-38749 6.5 - Medium - September 05, 2022

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Memory Corruption

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths

CVE-2022-3008 8.8 - High - September 05, 2022

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751

Command Injection

An issue was discovered in the Linux kernel before 5.19

CVE-2022-39842 6.1 - Medium - September 05, 2022

An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.

Integer Overflow or Wraparound

libvncclient v0.9.13 was discovered to contain a memory leak

CVE-2020-29260 7.5 - High - September 02, 2022

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

Resource Exhaustion

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19

CVE-2022-39188 4.7 - Medium - September 02, 2022

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

Race Condition

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6

CVE-2022-39190 5.5 - Medium - September 02, 2022

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

Resource Exhaustion

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service

CVE-2022-39177 8.8 - High - September 02, 2022

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information

CVE-2022-39176 8.8 - High - September 02, 2022

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message

CVE-2022-2663 5.3 - Medium - September 01, 2022

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

Improper Restriction of Communication Channel to Intended Endpoints

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data

CVE-2020-35533 5.5 - Medium - September 01, 2022

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

Out-of-bounds Read

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered

CVE-2020-35532 5.5 - Medium - September 01, 2022

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

Out-of-bounds Read

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data

CVE-2020-35531 5.5 - Medium - September 01, 2022

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

Out-of-bounds Read

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp)

CVE-2020-35530 5.5 - Medium - September 01, 2022

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

Memory Corruption

A Linux kernel flaw was found in the i740 driver

CVE-2022-3061 5.5 - Medium - September 01, 2022

A Linux kernel flaw was found in the i740 driver. A userspace program can pass arbitrary values to the driver through the ioctl() interface. The driver does not check the value of 'pixclock', so a divide-by-zero error may occur.

Divide By Zero

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility

CVE-2022-1271 8.8 - High - August 31, 2022

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write attacker-controlled content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low-privileged attacker to force zgrep to write arbitrary files on the system.

Improper Input Validation

A permissive list of allowed inputs flaw was found in DPDK

CVE-2022-2132 8.6 - High - August 31, 2022

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously

CVE-2022-3028 7 - High - August 31, 2022

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Race Condition

A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ

CVE-2022-2153 5.5 - Medium - August 31, 2022

A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

The package org.yaml:snakeyaml

CVE-2022-25857 7.5 - High - August 30, 2022

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nesting depth limitation for collections.

Resource Exhaustion

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference

CVE-2022-39028 7.5 - High - August 30, 2022

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

NULL Pointer Dereference

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc)

CVE-2022-38784 7.8 - High - August 30, 2022

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Integer Overflow or Wraparound

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

CVE-2022-0367 7.8 - High - August 29, 2022

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

Memory Corruption

A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

A flaw was found in python-oslo-utils

CVE-2022-0718 4.9 - Medium - August 29, 2022

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

Insufficiently Protected Credentials

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component

CVE-2022-1184 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with user privileges to cause a denial of service.

Dangling pointer

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users

CVE-2022-2787 4.3 - Medium - August 27, 2022

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

Improper Preservation of Permissions

A flaw was found in the Linux kernel

CVE-2022-0171 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV).

Insufficient Cleanup

A deadlock issue was found in the AHCI controller device of QEMU

CVE-2021-3735 4.4 - Medium - August 26, 2022

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Resource Exhaustion

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants

CVE-2021-3864 7 - High - August 26, 2022

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets the real UID equal to the effective UID, and the real GID equal to the effective GID. The descendant will then have its dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with an eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.

A flaw was found in openstack-keystone

CVE-2021-3563 7.4 - High - August 26, 2022

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity requirements which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

AuthZ

A flaw was found in the Linux kernel

CVE-2021-3669 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Resource Exhaustion

A vulnerability was found in mod_wsgi

CVE-2022-2255 7.5 - High - August 25, 2022

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.

Insufficient Verification of Data Authenticity

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32893 8.8 - High - August 24, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Memory Corruption

A heap overflow flaw was found in libpng's pngimage.c program

CVE-2021-4214 5.5 - Medium - August 24, 2022

A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing the application to crash, leading to a denial of service.

Classic Buffer Overflow

A flaw was found in glibc

CVE-2021-3999 7.8 - High - August 24, 2022

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

off-by-five

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures

CVE-2021-4159 4.4 - Medium - August 24, 2022

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode

CVE-2021-4189 5.3 - Medium - August 24, 2022

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to the FTP client scanning ports, which otherwise would not have been possible.

Unchecked Return Value

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation

CVE-2021-4204 7.1 - High - August 24, 2022

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

Memory Corruption

A flaw was found in JSS, where it did not properly free up all memory

CVE-2021-4213 7.5 - High - August 24, 2022

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server process, saturating the server's RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

Memory Leak
