The Debian Project has published a massive Linux kernel security update for its Debian GNU/Linux 11 “Bullseye” operating system series to address 19 security vulnerabilities discovered by various security researchers in the upstream Linux 5.10 LTS kernel. The vulnerabilities may lead to privilege escalation, denial of service or information leaks.
This new Linux kernel security update for Debian GNU/Linux 11 patches CVE-2021-4197, a security vulnerability reported by Eric Biederman in the cgroup process migration implementation, which could allow a local attacker to escalate privileges. It also patches CVE-2022-0168, a NULL pointer dereference flaw found in the CIFS client implementation, which can allow a local attacker with CAP_SYS_ADMIN privileges to crash the system.
Also patched are CVE-2022-1016, a flaw discovered by David Bouman in the netfilter subsystem, which could allow a local attacker to read sensitive information, and CVE-2022-1048, a race condition discovered by Hu Jiahui in the sound subsystem, which could allow a local user with access to a PCM sound device to crash the system or escalate privileges. The update also fixes CVE-2022-1195 and CVE-2022-1198, race conditions discovered by Lin Ma and Duoming Zhou in the 6pack and mkiss hamradio drivers, which could lead to a use-after-free and allow a local user to cause a denial of service (memory corruption or crash) or escalate privileges.
The link for this article located at 9 to 5 Linux is no longer available.