CERT-FR Advisory: Critical Vulnerabilities in Debian and DebianLTS Linux Kernel

The French Governmental Computer Security Incident Response Team (CERT-FR) has issued an advisory regarding critical vulnerabilities detected in the Debian and DebianLTS Linux kernels. These vulnerabilities could pose serious risks to data confidentiality.

The affected versions include:

  • DebianLTS 10 (Buster) versions prior to 4.19.289-2
  • DebianLTS 10 (Buster) versions prior to 5.10.179-5~deb10u1
  • Debian 11 (Bullseye) versions prior to 5.10.179-5
  • Debian 12 (Bookworm) versions prior to 6.1.38-4

The risk identified is a breach of data confidentiality: an attacker could compromise affected systems and potentially gain access to sensitive information.

Users are strongly encouraged to take immediate corrective actions by referring to the security bulletins published by DebianLTS and Debian. These bulletins provide patches and solutions to mitigate the risks associated with these vulnerabilities.

For more information, users can refer to the following security bulletins:

  • DebianLTS DLA-3525-1 Security Bulletin dated August 11, 2023
  • DebianLTS DLA-3524-1 Security Bulletin dated August 10, 2023
  • Debian DLA-3524-1 Security Bulletin dated August 11, 2023

The CVE references for these vulnerabilities are as follows:

  • CVE-2022-40982
  • CVE-2023-20569

Applying the appropriate patches is highly recommended to prevent exploitation of these vulnerabilities and to ensure the security of the affected systems.