------------------------------------------------------------------------- Debian LTS Advisory DLA-2610-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Ben Hutchings March 30, 2021 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : linux-4.19 Version : 4.19.181-1~deb9u1 CVE ID : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 Debian Bug : 983595 Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks. CVE-2020-27170, CVE-2020-27171 Piotr Krysiuk discovered flaws in the BPF subsystem's checks for information leaks through speculative execution. A local user could use these to obtain sensitive information from kernel memory. CVE-2021-3348 ADlab of venustech discovered a race condition in the nbd block driver that can lead to a use-after-free. A local user with access to an nbd block device could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2021-3428 Wolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash). CVE-2021-26930 (XSA-365) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen block backend driver (xen-blkback) did not handle grant mapping errors correctly. A malicious guest could exploit this bug to cause a denial of service (crash), or possibly an information leak or privilege escalation, within the domain running the backend, which is typically dom0. CVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367) Jan Beulich discovered that the Xen support code and various Xen backend drivers did not handle grant mapping errors correctly. A malicious guest could exploit these bugs to cause a denial of service (crash) within the domain running the backend, which is typically dom0. CVE-2021-27363 Adam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to transport handle attributes in sysfs. On a system acting as an iSCSI initiator, this is an information leak to local users and makes it easier to exploit CVE-2021-27364. CVE-2021-27364 Adam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to cause a denial of service (disconnection of storage) or possibly for privilege escalation. CVE-2021-27365 Adam Nichols reported that the iSCSI initiator subsystem did not correctly limit the lengths of parameters or "passthrough PDUs" sent through its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to leak the contents of kernel memory, to cause a denial of service (kernel memory corruption or crash), and probably for privilege escalation. CVE-2021-28660 It was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system. For Debian 9 stretch, these problems have been fixed in version 4.19.181-1~deb9u1. This update additionally fixes Debian bug #983595, and includes many more bug fixes from stable updates 4.19.172-4.19.181 inclusive. We recommend that you upgrade your linux-4.19 packages. For the detailed security status of linux-4.19 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux-4.19 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- Ben Hutchings [W]e found...that it wasn't as easy to get programs right as we had thought. I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs. - Maurice Wilkes, 1949
Attachment:
signature.asc
Description: PGP signature