local root privilege escalation with user namespaces enabled (CVE-2022-34918)
so this security issue was disclosed in July:
https://www.randorisec.fr/crack-linux-firewall/
it was originally meant to be coordinated cleanly, but someone botched the disclosure, which means the issue is now public. here's Debian's security tracker which, at the moment, doesn't have a fix for bullseye or later:
https://security-tracker.debian.org/tracker/CVE-2022-34918
it looks like this is the upstream patch for the issue:
... as that was merged in 5.19-rc5. there's a PoC exploit floating around here:
https://github.com/randorisec/CVE-2022-34918-LPE-PoC
this is particularly tricky because bullseye enabled user namespaces by default (and upstream also has it enabled by default; in fact the sysctl to disable it is a Debian-specific patch anyway, which was never submitted to mainline, and an equivalent patch was basically refused. Cloudflare has more details on this). so any bullseye machine right now is vulnerable to this, so it's pretty dangerous.
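A host-side check for the exposure condition described above, added here as an example and not part of the original report or of any project's tooling. It assumes the Debian-specific sysctl is `kernel.unprivileged_userns_clone` and the upstream limit is `user.max_user_namespaces` (neither name appears in the post); the `userns_state` function and its optional root-directory argument are hypothetical helpers for illustration.

```shell
#!/bin/sh
# userns_state [SYSCTL_ROOT]
# Prints one of: enabled | disabled | unknown
# describing whether unprivileged users can create user namespaces.
# SYSCTL_ROOT defaults to /proc/sys; it is a parameter only so the logic
# can be exercised against a constructed directory tree.
userns_state() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"  # Debian patch (assumed name)
    max="$root/user/max_user_namespaces"            # upstream limit (assumed name)

    # Upstream knob: a limit of 0 blocks creation of new user namespaces.
    if [ -r "$max" ]; then
        if [ "$(cat "$max")" -eq 0 ] 2>/dev/null; then
            echo disabled
            return 0
        fi
    fi

    # Debian knob: 0 restricts user namespace creation to privileged users.
    if [ -r "$clone" ]; then
        if [ "$(cat "$clone")" -eq 0 ] 2>/dev/null; then
            echo disabled
        else
            echo enabled
        fi
        return 0
    fi

    # No Debian knob present: upstream behaviour, enabled whenever the limit is non-zero.
    if [ -r "$max" ]; then
        echo enabled
    else
        echo unknown
    fi
}

# Report the state of the running host.
userns_state
```

A result of `enabled` on a kernel without the upstream fix means the precondition named in the report holds; kernel version strings alone are not a reliable indicator because distributions backport fixes.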