logo
DATABASE RESOURCES PRICING ABOUT US

linux-4.19 - security update

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. * [CVE-2020-3702](https://security-tracker.debian.org/tracker/CVE-2020-3702) A flaw was found in the driver for Atheros IEEE 802.11n family of chipsets (ath9k) allowing information disclosure. * [CVE-2020-16119](https://security-tracker.debian.org/tracker/CVE-2020-16119) Hadar Manor reported a use-after-free in the DCCP protocol implementation in the Linux kernel. A local attacker can take advantage of this flaw to cause a denial of service or potentially to execute arbitrary code. * [CVE-2021-3444](https://security-tracker.debian.org/tracker/CVE-2021-3444) , [CVE-2021-3600](https://security-tracker.debian.org/tracker/CVE-2021-3600) Two flaws were discovered in the Extended BPF (eBPF) verifier. A local user could exploit these to read and write arbitrary memory in the kernel, which could be used for privilege escalation. This can be mitigated by setting sysctl kernel.unprivileged\_bpf\_disabled=1, which disables eBPF use by unprivileged users. * [CVE-2021-3612](https://security-tracker.debian.org/tracker/CVE-2021-3612) Murray McAllister reported a flaw in the joystick input subsystem. A local user permitted to access a joystick device could exploit this to read and write out-of-bounds in the kernel, which could be used for privilege escalation. * [CVE-2021-3653](https://security-tracker.debian.org/tracker/CVE-2021-3653) Maxim Levitsky discovered a vulnerability in the KVM hypervisor implementation for AMD processors in the Linux kernel: Missing validation of the `int\_ctl` VMCB field could allow a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest can take advantage of this flaw to write to a limited but still relatively large subset of the host physical memory. * [CVE-2021-3655](https://security-tracker.debian.org/tracker/CVE-2021-3655) Ilja Van Sprundel and Marcelo Ricardo Leitner found multiple flaws in the SCTP implementation, where missing validation could lead to an out-of-bounds read. On a system using SCTP, a networked attacker could exploit these to cause a denial of service (crash). * [CVE-2021-3656](https://security-tracker.debian.org/tracker/CVE-2021-3656) Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM hypervisor implementation for AMD processors in the Linux kernel. Missing validation of the `virt\_ext` VMCB field could allow a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus read/write portions of the host's physical memory. * [CVE-2021-3679](https://security-tracker.debian.org/tracker/CVE-2021-3679) A flaw in the Linux kernel tracing module functionality could allow a privileged local user (with CAP\_SYS\_ADMIN capability) to cause a denial of service (resource starvation). * [CVE-2021-3732](https://security-tracker.debian.org/tracker/CVE-2021-3732) Alois Wohlschlager reported a flaw in the implementation of the overlayfs subsystem, allowing a local attacker with privileges to mount a filesystem to reveal files hidden in the original mount. * [CVE-2021-3743](https://security-tracker.debian.org/tracker/CVE-2021-3743) An out-of-bounds memory read was discovered in the Qualcomm IPC router protocol implementation, allowing to cause a denial of service or information leak. * [CVE-2021-3753](https://security-tracker.debian.org/tracker/CVE-2021-3753) Minh Yuan reported a race condition in the vt\_k\_ioctl in drivers/tty/vt/vt\_ioctl.c, which may cause an out of bounds read in vt. * [CVE-2021-22543](https://security-tracker.debian.org/tracker/CVE-2021-22543) David Stevens discovered a flaw in how the KVM hypervisor maps host memory into a guest. A local user permitted to access /dev/kvm could use this to cause certain pages to be freed when they should not, leading to a use-after-free. This could be used to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. * [CVE-2021-33624](https://security-tracker.debian.org/tracker/CVE-2021-33624) , [CVE-2021-34556](https://security-tracker.debian.org/tracker/CVE-2021-34556), [CVE-2021-35477](https://security-tracker.debian.org/tracker/CVE-2021-35477) Multiple researchers discovered flaws in the Extended BPF (eBPF) verifier's protections against information leaks through speculation execution. A local user could exploit these to read sensitive information. This can be mitigated by setting sysctl kernel.unprivileged\_bpf\_disabled=1, which disables eBPF use by unprivileged users. * [CVE-2021-35039](https://security-tracker.debian.org/tracker/CVE-2021-35039) A flaw was discovered in module signature enforcement. A custom kernel with IMA enabled might have allowed loading unsigned kernel modules when it should not have. * [CVE-2021-37159](https://security-tracker.debian.org/tracker/CVE-2021-37159) A flaw was discovered in the hso driver for Option mobile broadband modems. An error during initialisation could lead to a double-free or use-after-free. An attacker able to plug in USB devices could use this to cause a denial of service (crash or memory corruption) or possibly to run arbitrary code. * [CVE-2021-38160](https://security-tracker.debian.org/tracker/CVE-2021-38160) A flaw in the virtio\_console was discovered allowing data corruption or data loss by an untrusted device. * [CVE-2021-38198](https://security-tracker.debian.org/tracker/CVE-2021-38198) A flaw was discovered in the KVM implementation for x86 processors, that could result in virtual memory protection within a guest not being applied correctly. When shadow page tables are used - i.e. for nested virtualisation, or on CPUs lacking the EPT or NPT feature - a user of the guest OS might be able to exploit this for denial of service or privilege escalation within the guest. * [CVE-2021-38199](https://security-tracker.debian.org/tracker/CVE-2021-38199) Michael Wakabayashi reported a flaw in the NFSv4 client implementation, where incorrect connection setup ordering allows operations of a remote NFSv4 server to cause a denial of service. * [CVE-2021-38205](https://security-tracker.debian.org/tracker/CVE-2021-38205) An information leak was discovered in the xilinx\_emaclite network driver. On a custom kernel where this driver is enabled and used, this might make it easier to exploit other kernel bugs. * [CVE-2021-40490](https://security-tracker.debian.org/tracker/CVE-2021-40490) A race condition was discovered in the ext4 subsystem when writing to an inline\_data file while its xattrs are changing. This could result in denial of service. For Debian 9 stretch, these problems have been fixed in version 4.19.208-1~deb9u1. We recommend that you upgrade your linux-4.19 packages. For the detailed security status of linux-4.19 please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/linux-4.19> Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


CPE Name Name Version
linux-4.19 4.19.132-1~deb9u1
linux-4.19 4.19.132-1~deb9u2
linux-4.19 4.19.146-1~deb9u1
linux-4.19 4.19.152-1~deb9u1
linux-4.19 4.19.160-2~deb9u1
linux-4.19 4.19.171-2~deb9u1
linux-4.19 4.19.181-1~deb9u1
linux-4.19 4.19.194-1~deb9u1
linux-4.19 4.19.194-3~deb9u1

Related