1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4698-1] linux security update (1/2)

    From Salvatore Bonaccorso@1:229/2 to All on Tue Jun 9 21:50:01 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4698-1 [email protected] https://www.debian.org/security/ Ben Hutchings
    June 09, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : linux
    CVE ID : CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462
    CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543
    CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648
    CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732
    CVE-2020-10751 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494
    CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668
    CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653
    CVE-2020-12654 CVE-2020-12770 CVE-2020-13143
    Debian Bug : 952660

    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.

    CVE-2019-2182

    Hanjun Guo and Lei Li reported a race condition in the arm64
    virtual memory management code, which could lead to an information
    disclosure, denial of service (crash), or possibly privilege
    escalation.

    CVE-2019-5108

    Mitchell Frank of Cisco discovered that when the IEEE 802.11
    (WiFi) stack was used in AP mode with roaming, it would trigger
    roaming for a newly associated station before the station was
    authenticated. An attacker within range of the AP could use this
    to cause a denial of service, either by filling up a switching
    table or by redirecting traffic away from other stations.

    CVE-2019-19319

    Jungyeon discovered that a crafted filesystem can cause the ext4
    implementation to deallocate or reallocate journal blocks. A user
    permitted to mount filesystems could use this to cause a denial of
    service (crash), or possibly for privilege escalation.

    CVE-2019-19462

    The syzbot tool found a missing error check in the 'relay'
    library used to implement various files under debugfs. A local
    user permitted to access debugfs could use this to cause a denial
    of service (crash) or possibly for privilege escalation.

    CVE-2019-19768

    Tristan Madani reported a race condition in the blktrace debug
    facility that could result in a use-after-free. A local user able
    to trigger removal of block devices could possibly use this to
    cause a denial of service (crash) or for privilege escalation.

    CVE-2019-20806

    A potential null pointer dereference was discovered in the tw5864
    media driver. The security impact of this is unclear.

    CVE-2019-20811

    The Hulk Robot tool found a reference-counting bug in an error
    path in the network subsystem. The security impact of this is
    unclear.

    CVE-2020-0543

    Researchers at VU Amsterdam discovered that on some Intel CPUs
    supporting the RDRAND and RDSEED instructions, part of a random
    value generated by these instructions may be used in a later
    speculative execution on any core of the same physical CPU.
    Depending on how these instructions are used by applications, a
    local user or VM guest could use this to obtain sensitive
    information such as cryptographic keys from other users or VMs.

    This vulnerability can be mitigated by a microcode update, either
    as part of system firmware (BIOS) or through the intel-microcode
    package in Debian's non-free archive section. This kernel update
    only provides reporting of the vulnerability and the option to
    disable the mitigation if it is not needed.

    CVE-2020-2732

    Paulo Bonzini discovered that the KVM implementation for Intel
    processors did not properly handle instruction emulation for L2
    guests when nested virtualization is enabled. This could allow an
    L2 guest to cause privilege escalation, denial of service, or
    information leaks in the L1 guest.

    CVE-2020-8428

    Al Viro discovered a potential use-after-free in the filesystem
    core (vfs). A local user could exploit this to cause a denial of
    service (crash) or possibly to obtain sensitive information from
    the kernel.

    CVE-2020-8647, CVE-2020-8649

    The Hulk Robot tool found a potential MMIO out-of-bounds access in
    the vgacon driver. A local user permitted to access a virtual
    terminal (/dev/tty1 etc.) on a system using the vgacon driver
    could use this to cause a denial of service (crash or memory
    corruption) or possibly for privilege escalation.

    CVE-2020-8648

    The syzbot tool found a race condition in the the virtual terminal
    driver, which could result in a use-after-free. A local user
    permitted to access a virtual terminal could use this to cause a
    denial of service (crash or memory corruption) or possibly for
    privilege escalation.

    CVE-2020-9383

    Jordy Zomer reported an incorrect range check in the floppy driver
    which could lead to a static out-of-bounds access. A local user

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)