Debian: DSA-4698-1: linux security update

    Date 09 Jun 2020
    143
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4698-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                            Ben Hutchings
    June 09, 2020                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462
                     CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543
                     CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648
                     CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732
                     CVE-2020-10751 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494
                     CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668
                     CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653
                     CVE-2020-12654 CVE-2020-12770 CVE-2020-13143
    Debian Bug     : 952660
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2019-2182
    
        Hanjun Guo and Lei Li reported a race condition in the arm64
        virtual memory management code, which could lead to an information
        disclosure, denial of service (crash), or possibly privilege
        escalation.
    
    CVE-2019-5108
    
        Mitchell Frank of Cisco discovered that when the IEEE 802.11
        (WiFi) stack was used in AP mode with roaming, it would trigger
        roaming for a newly associated station before the station was
        authenticated.  An attacker within range of the AP could use this
        to cause a denial of service, either by filling up a switching
        table or by redirecting traffic away from other stations.
    
    CVE-2019-19319
    
        Jungyeon discovered that a crafted filesystem can cause the ext4
        implementation to deallocate or reallocate journal blocks.  A user
        permitted to mount filesystems could use this to cause a denial of
        service (crash), or possibly for privilege escalation.
    
    CVE-2019-19462
    
        The syzbot tool found a missing error check in the 'relay'
        library used to implement various files under debugfs.  A local
        user permitted to access debugfs could use this to cause a denial
        of service (crash) or possibly for privilege escalation.
    
    CVE-2019-19768
    
        Tristan Madani reported a race condition in the blktrace debug
        facility that could result in a use-after-free.  A local user able
        to trigger removal of block devices could possibly use this to
        cause a denial of service (crash) or for privilege escalation.
    
    CVE-2019-20806
    
        A potential null pointer dereference was discovered in the tw5864
        media driver.  The security impact of this is unclear.
    
    CVE-2019-20811
    
        The Hulk Robot tool found a reference-counting bug in an error
        path in the network subsystem.  The security impact of this is
        unclear.
    
    CVE-2020-0543
    
        Researchers at VU Amsterdam discovered that on some Intel CPUs
        supporting the RDRAND and RDSEED instructions, part of a random
        value generated by these instructions may be used in a later
        speculative execution on any core of the same physical CPU.
        Depending on how these instructions are used by applications, a
        local user or VM guest could use this to obtain sensitive
        information such as cryptographic keys from other users or VMs.
    
        This vulnerability can be mitigated by a microcode update, either
        as part of system firmware (BIOS) or through the intel-microcode
        package in Debian's non-free archive section.  This kernel update
        only provides reporting of the vulnerability and the option to
        disable the mitigation if it is not needed.
    
    CVE-2020-2732
    
        Paulo Bonzini discovered that the KVM implementation for Intel
        processors did not properly handle instruction emulation for L2
        guests when nested virtualization is enabled. This could allow an
        L2 guest to cause privilege escalation, denial of service, or
        information leaks in the L1 guest.
    
    CVE-2020-8428
    
        Al Viro discovered a potential use-after-free in the filesystem
        core (vfs).  A local user could exploit this to cause a denial of
        service (crash) or possibly to obtain sensitive information from
        the kernel.
    
    CVE-2020-8647, CVE-2020-8649
    
        The Hulk Robot tool found a potential MMIO out-of-bounds access in
        the vgacon driver.  A local user permitted to access a virtual
        terminal (/dev/tty1 etc.) on a system using the vgacon driver
        could use this to cause a denial of service (crash or memory
        corruption) or possibly for privilege escalation.
    
    CVE-2020-8648
    
        The syzbot tool found a race condition in the the virtual terminal
        driver, which could result in a use-after-free.  A local user
        permitted to access a virtual terminal could use this to cause a
        denial of service (crash or memory corruption) or possibly for
        privilege escalation.
    
    CVE-2020-9383
    
        Jordy Zomer reported an incorrect range check in the floppy driver
        which could lead to a static out-of-bounds access.  A local user
        permitted to access a floppy drive could use this to cause a
        denial of service (crash or memory corruption) or possibly for
        privilege escalation.
    
    CVE-2020-10711
    
        Matthew Sheets reported NULL pointer dereference issues in the
        SELinux subsystem while receiving CIPSO packet with null category. A
        remote attacker can take advantage of this flaw to cause a denial of
        service (crash). Note that this issue does not affect the binary
        packages distributed in Debian as CONFIG_NETLABEL is not enabled.
    
    CVE-2020-10732
    
        An information leak of kernel private memory to userspace was found
        in the kernel's implementation of core dumping userspace processes.
    
    CVE-2020-10751
    
        Dmitry Vyukov reported that the SELinux subsystem did not properly
        handle validating multiple messages, which could allow a privileged
        attacker to bypass SELinux netlink restrictions.
    
    CVE-2020-10757
    
        Fan Yang reported a flaw in the way mremap handled DAX hugepages,
        allowing a local user to escalate their privileges
    
    CVE-2020-10942
    
        It was discovered that the vhost_net driver did not properly
        validate the type of sockets set as back-ends. A local user
        permitted to access /dev/vhost-net could use this to cause a stack
        corruption via crafted system calls, resulting in denial of
        service (crash) or possibly privilege escalation.
    
    CVE-2020-11494
    
        It was discovered that the slcan (serial line CAN) network driver
        did not fully initialise CAN headers for received packets,
        resulting in an information leak from the kernel to user-space or
        over the CAN network.
    
    CVE-2020-11565
    
        Entropy Moe reported that the shared memory filesystem (tmpfs) did
        not correctly handle an "mpol" mount option specifying an empty
        node list, leading to a stack-based out-of-bounds write. If user
        namespaces are enabled, a local user could use this to cause a
        denial of service (crash) or possibly for privilege escalation.
    
    CVE-2020-11608, CVE-2020-11609, CVE-2020-11668
    
        It was discovered that the ov519, stv06xx, and xirlink_cit media
        drivers did not properly validate USB device descriptors.  A
        physically present user with a specially constructed USB device
        could use this to cause a denial-of-service (crash) or possibly
        for privilege escalation.
    
    CVE-2020-12114
    
        Piotr Krysiuk discovered a race condition between the umount and
        pivot_root operations in the filesystem core (vfs).  A local user
        with the CAP_SYS_ADMIN capability in any user namespace could use
        this to cause a denial of service (crash).
    
    CVE-2020-12464
    
        Kyungtae Kim reported a race condition in the USB core that can
        result in a use-after-free.  It is not clear how this can be
        exploited, but it could result in a denial of service (crash or
        memory corruption) or privilege escalation.
    
    CVE-2020-12652
    
        Tom Hatskevich reported a bug in the mptfusion storage drivers.
        An ioctl handler fetched a parameter from user memory twice,
        creating a race condition which could result in incorrect locking
        of internal data structures.  A local user permitted to access
        /dev/mptctl could use this to cause a denial of service (crash or
        memory corruption) or for privilege escalation.
    
    CVE-2020-12653
    
        It was discovered that the mwifiex WiFi driver did not
        sufficiently validate scan requests, resulting a potential heap
        buffer overflow.  A local user with CAP_NET_ADMIN capability could
        use this to cause a denial of service (crash or memory corruption)
        or possibly for privilege escalation.
    
    CVE-2020-12654
    
        It was discovered that the mwifiex WiFi driver did not
        sufficiently validate WMM parameters received from an access point
        (AP), resulting a potential heap buffer overflow.  A malicious AP
        could use this to cause a denial of service (crash or memory
        corruption) or possibly to execute code on a vulnerable system.
    
    CVE-2020-12770
    
        It was discovered that the sg (SCSI generic) driver did not
        correctly release internal resources in a particular error case.
        A local user permitted to access an sg device could possibly use
        this to cause a denial of service (resource exhaustion).
    
    CVE-2020-13143
    
        Kyungtae Kim reported a potential heap out-of-bounds write in
        the USB gadget subsystem.  A local user permitted to write to
        the gadget configuration filesystem could use this to cause a
        denial of service (crash or memory corruption) or potentially
        for privilege escalation.
    
    For the oldstable distribution (stretch), these problems have been
    fixed in version 4.9.210-1+deb9u1.  This version also fixes some
    related bugs that do not have their own CVE IDs, and a regression in
    the macvlan driver introduced in the previous point release (bug
    #952660).
    
    We recommend that you upgrade your linux packages.
    
    For the detailed security status of linux please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/linux
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"14","type":"x","order":"1","pct":60.87,"resources":[]},{"id":"121","title":"No ","votes":"9","type":"x","order":"2","pct":39.13,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.