logo
DATABASE RESOURCES PRICING ABOUT US

linux - security update

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. * [CVE-2020-3702](https://security-tracker.debian.org/tracker/CVE-2020-3702) A flaw was found in the driver for Atheros IEEE 802.11n family of chipsets (ath9k) allowing information disclosure. * [CVE-2020-16119](https://security-tracker.debian.org/tracker/CVE-2020-16119) Hadar Manor reported a use-after-free in the DCCP protocol implementation in the Linux kernel. A local attacker can take advantage of this flaw to cause a denial of service or potentially to execute arbitrary code. * [CVE-2021-3653](https://security-tracker.debian.org/tracker/CVE-2021-3653) Maxim Levitsky discovered a vulnerability in the KVM hypervisor implementation for AMD processors in the Linux kernel: Missing validation of the `int\_ctl` VMCB field could allow a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest can take advantage of this flaw to write to a limited but still relatively large subset of the host physical memory. * [CVE-2021-3656](https://security-tracker.debian.org/tracker/CVE-2021-3656) Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM hypervisor implementation for AMD processors in the Linux kernel. Missing validation of the `virt\_ext` VMCB field could allow a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus read/write portions of the host's physical memory. * [CVE-2021-3679](https://security-tracker.debian.org/tracker/CVE-2021-3679) A flaw in the Linux kernel tracing module functionality could allow a privileged local user (with CAP\_SYS\_ADMIN capability) to cause a denial of service (resource starvation). * [CVE-2021-3732](https://security-tracker.debian.org/tracker/CVE-2021-3732) Alois Wohlschlager reported a flaw in the implementation of the overlayfs subsystem, allowing a local attacker with privileges to mount a filesystem to reveal files hidden in the original mount. * [CVE-2021-3739](https://security-tracker.debian.org/tracker/CVE-2021-3739) A NULL pointer dereference flaw was found in the btrfs filesystem, allowing a local attacker with CAP\_SYS\_ADMIN capabilities to cause a denial of service. * [CVE-2021-3743](https://security-tracker.debian.org/tracker/CVE-2021-3743) An out-of-bounds memory read was discovered in the Qualcomm IPC router protocol implementation, allowing to cause a denial of service or information leak. * [CVE-2021-3753](https://security-tracker.debian.org/tracker/CVE-2021-3753) Minh Yuan reported a race condition in the vt\_k\_ioctl in drivers/tty/vt/vt\_ioctl.c, which may cause an out of bounds read in vt. * [CVE-2021-37576](https://security-tracker.debian.org/tracker/CVE-2021-37576) Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem on the powerpc platform, which allows KVM guest OS users to cause memory corruption on the host. * [CVE-2021-38160](https://security-tracker.debian.org/tracker/CVE-2021-38160) A flaw in the virtio\_console was discovered allowing data corruption or data loss by an untrusted device. * [CVE-2021-38166](https://security-tracker.debian.org/tracker/CVE-2021-38166) An integer overflow flaw in the BPF subsystem could allow a local attacker to cause a denial of service or potentially the execution of arbitrary code. This flaw is mitigated by default in Debian as unprivileged calls to bpf() are disabled. * [CVE-2021-38199](https://security-tracker.debian.org/tracker/CVE-2021-38199) Michael Wakabayashi reported a flaw in the NFSv4 client implementation, where incorrect connection setup ordering allows operations of a remote NFSv4 server to cause a denial of service. * [CVE-2021-40490](https://security-tracker.debian.org/tracker/CVE-2021-40490) A race condition was discovered in the ext4 subsystem when writing to an inline\_data file while its xattrs are changing. This could result in denial of service. * [CVE-2021-41073](https://security-tracker.debian.org/tracker/CVE-2021-41073) Valentina Palmiotti discovered a flaw in io\_uring allowing a local attacker to escalate privileges. For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5. This update includes fixes for #993948 and #993978. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/linux>


Affected Software


CPE Name Name Version
linux 5.10.46-4

Related