------------------------------------------------------------------------- Debian LTS Advisory DLA-2494-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Ben Hutchings December 18, 2020 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : linux Version : 4.9.246-2 CVE ID : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974 Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. CVE-2020-0427 Elena Petrova reported a bug in the pinctrl subsystem that can lead to a use-after-free after a device is renamed. The security impact of this is unclear. CVE-2020-8694 Multiple researchers discovered that the powercap subsystem allowed all users to read CPU energy meters, by default. On systems using Intel CPUs, this provided a side channel that could leak sensitive information between user processes, or from the kernel to user processes. The energy meters are now readable only by root, by default. This issue can be mitigated by running: chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj This needs to be repeated each time the system is booted with an unfixed kernel version. CVE-2020-14351 A race condition was discovered in the performance events subsystem, which could lead to a use-after-free. A local user permitted to access performance events could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. Debian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue. CVE-2020-25645 A flaw was discovered in the interface driver for GENEVE encapsulated traffic when combined with IPsec. If IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, tunneled data isn't correctly routed over the encrypted link and sent unencrypted instead. CVE-2020-25656 Yuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with the CAP_SYS_TTY_CONFIG capability could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2020-25668 Yuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2020-25669 Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd) that could lead to a use-after-free. On a system using this driver, a local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2020-25704 kiyin(尹亮) discovered a potential memory leak in the performance events subsystem. A local user permitted to access performance events could use this to cause a denial of service (memory exhaustion). Debian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue. CVE-2020-25705 Keyu Man reported that strict rate-limiting of ICMP packet transmission provided a side-channel that could help networked attackers to carry out packet spoofing. In particular, this made it practical for off-path networked attackers to "poison" DNS caches with spoofed responses ("SAD DNS" attack). This issue has been mitigated by randomising whether packets are counted against the rate limit. CVE-2020-27673 / XSA-332 Julien Grall from Arm discovered a bug in the Xen event handling code. Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (excessive CPU usage or hang) in dom0. CVE-2020-27675 / XSA-331 Jinoh Kang of Theori discovered a race condition in the Xen event handling code. Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (crash) in dom0. CVE-2020-28974 Yuan Ming discovered a bug in the virtual terminal (vt) driver that could lead to an out-of-bounds read. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could possibly use this to obtain sensitive information from the kernel or to cause a denial of service (crash). The specific ioctl operation affected by this bug (KD_FONT_OP_COPY) has been disabled, as it is not believed that any programs depended on it. For Debian 9 stretch, these problems have been fixed in version 4.9.246-2. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
Attachment:
signature.asc
Description: PGP signature