[SECURITY] [DSA 4978-1] linux security update

---

Debian Security Advisory DSA-4978-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2021 https://www.debian.org/security/faq

---

Package : linux
CVE ID : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656
CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743
CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166
CVE-2021-38199 CVE-2021-40490 CVE-2021-41073
Debian Bug : 993948 993978

Several vulnerabilities have been discovered in the Linux kernel
that may lead to a privilege escalation, denial of service or
information leaks.

CVE-2020-3702

A flaw was found in the driver for Atheros IEEE 802.11n family of
chipsets (ath9k) allowing information disclosure.

CVE-2020-16119

Hadar Manor reported a use-after-free in the DCCP protocol
implementation in the Linux kernel. A local attacker can take
advantage of this flaw to cause a denial of service or potentially
to execute arbitrary code.

CVE-2021-3653

Maxim Levitsky discovered a vulnerability in the KVM hypervisor
implementation for AMD processors in the Linux kernel: Missing
validation of the `int_ctl` VMCB field could allow a malicious L1
guest to enable AVIC support (Advanced Virtual Interrupt Controller)
for the L2 guest. The L2 guest can take advantage of this flaw to
write to a limited but still relatively large subset of the host
physical memory.

CVE-2021-3656

Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM
hypervisor implementation for AMD processors in the Linux kernel.
Missing validation of the the `virt_ext` VMCB field could allow a
malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS
(Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,
the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus
read/write portions of the host's physical memory.

CVE-2021-3679

A flaw in the Linux kernel tracing module functionality could allow
a privileged local user (with CAP_SYS_ADMIN capability) to cause a
denial of service (resource starvation).

CVE-2021-3732

Alois Wohlschlager reported a flaw in the implementation of the
overlayfs subsystem, allowing a local attacker with privileges to
mount a filesystem to reveal files hidden in the original mount.

CVE-2021-3739

A NULL pointer dereference flaw was found in the btrfs filesystem,
allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a
denial of service.

CVE-2021-3743

An out-of-bounds memory read was discovered in the Qualcomm IPC
router protocol implementation, allowing to cause a denial of
service or information leak.

CVE-2021-3753

Minh Yuan reported a race condition in the vt_k_ioctl in
drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds
read in vt.

CVE-2021-37576

Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem
on the powerpc platform, which allows KVM guest OS users to cause
memory corruption on the host.

CVE-2021-38160

A flaw in the virtio_console was discovered allowing data corruption
or data loss by an untrusted device.

CVE-2021-38166

An integer overflow flaw in the BPF subsystem could allow a local
attacker to cause a denial of service or potentially the execution
of arbitrary code. This flaw is mitigated by default in Debian as
unprivileged calls to bpf() are disabled.

CVE-2021-38199

Michael Wakabayashi reported a flaw in the NFSv4 client
implementation, where incorrect connection setup ordering allows
operations of a remote NFSv4 server to cause a denial of service.

CVE-2021-40490

A race condition was discovered in the ext4 subsystem when writing
to an inline_data file while its xattrs are changing. This could
result in denial of service.

CVE-2021-41073

Valentina Palmiotti discovered a flaw in io_uring allowing a local
attacker to escalate privileges.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.46-5. This update includes fixes for #993948 and #993978.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]