[SECURITY] [DLA 2610-1] linux-4.19 security update

Debian LTS Advisory DLA-2610-1 [email protected]
https://www.debian.org/lts/security/ Ben Hutchings
March 30, 2021 https://wiki.debian.org/LTS

Package : linux-4.19
Version : 4.19.181-1~deb9u1
CVE ID : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428
CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363
CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660
Debian Bug : 983595

Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service, or information leaks.

CVE-2020-27170, CVE-2020-27171

Piotr Krysiuk discovered flaws in the BPF subsystem's checks for
information leaks through speculative execution.  A local user
could use these to obtain sensitive information from kernel
memory.

CVE-2021-3348

ADlab of venustech discovered a race condition in the nbd block
driver that can lead to a use-after-free.  A local user with
access to an nbd block device could use this to cause a denial of
service (crash or memory corruption) or possibly for privilege
escalation.

CVE-2021-3428

Wolfgang Frisch reported a potential integer overflow in the
ext4 filesystem driver.  A user permitted to mount arbitrary
filesystem images could use this to cause a denial of service
(crash).

CVE-2021-26930 (XSA-365)

Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan
H. Schönherr discovered that the Xen block backend driver
(xen-blkback) did not handle grant mapping errors correctly.  A
malicious guest could exploit this bug to cause a denial of
service (crash), or possibly an information leak or privilege
escalation, within the domain running the backend, which is
typically dom0.

CVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)

Jan Beulich discovered that the Xen support code and various Xen
backend drivers did not handle grant mapping errors correctly.  A
malicious guest could exploit these bugs to cause a denial of
service (crash) within the domain running the backend, which is
typically dom0.

CVE-2021-27363

Adam Nichols reported that the iSCSI initiator subsystem did not
properly restrict access to transport handle attributes in sysfs.
On a system acting as an iSCSI initiator, this is an information
leak to local users and makes it easier to exploit CVE-2021-27364.

CVE-2021-27364

Adam Nichols reported that the iSCSI initiator subsystem did not
properly restrict access to its netlink management interface.  On
a system acting as an iSCSI initiator, a local user could use
these to cause a denial of service (disconnection of storage) or
possibly for privilege escalation.

CVE-2021-27365

Adam Nichols reported that the iSCSI initiator subsystem did not
correctly limit the lengths of parameters or "passthrough PDUs"
sent through its netlink management interface.  On a system acting
as an iSCSI initiator, a local user could use these to leak the
contents of kernel memory, to cause a denial of service (kernel
memory corruption or crash), and probably for privilege
escalation.

CVE-2021-28660

It was discovered that the rtl8188eu WiFi driver did not correctly
limit the length of SSIDs copied into scan results.  An attacker
within WiFi range could use this to cause a denial of service
(crash or memory corruption) or possibly to execute code on a
vulnerable system.

For Debian 9 stretch, these problems have been fixed in version
4.19.181-1~deb9u1. This update additionally fixes Debian bug
#983595, and includes many more bug fixes from stable updates
4.19.172-4.19.181 inclusive.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–
Ben Hutchings
[W]e found…that it wasn't as easy to get programs right as we had
thought. I realized that a large part of my life from then on was going
to be spent in finding mistakes in my own programs.
- Maurice Wilkes, 1949
Attachment:
signature.asc
Description: PGP signature