
Debian DSA-4699-1: Critical Security Update for Linux Kernel

June 9, 2020
Debian Security Advisory

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2019-3016

It was discovered that the KVM implementation for x86 did not
always perform TLB flushes when needed, if the paravirtualised
TLB flush feature was enabled. This could lead to disclosure of
sensitive information within a guest VM.

CVE-2019-19462

The syzkaller tool found a missing error check in the 'relay'
library used to implement various files under debugfs. A local
user permitted to access debugfs could use this to cause a denial
of service (crash) or possibly for privilege escalation.

CVE-2020-0543

Researchers at VU Amsterdam discovered that on some Intel CPUs
supporting the RDRAND and RDSEED instructions, part of a random
value generated by these instructions may be used in a later
speculative execution on any core of the same physical CPU.
Depending on how these instructions are used by applications, a
local user or VM guest could use this to obtain sensitive
information such as cryptographic keys from other users or VMs.
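
A host check for CVE-2020-0543, added here as an example and not part of the advisory: it classifies the status string that fixed kernels expose in /sys/devices/system/cpu/vulnerabilities/srbds. The function names are hypothetical; the status strings and the srbds=off parameter are taken from the upstream kernel documentation for this issue.

```shell
#!/bin/sh
# Added example (not from the advisory): interpret the kernel's SRBDS
# (CVE-2020-0543) mitigation status on the local host.

SRBDS_FILE=/sys/devices/system/cpu/vulnerabilities/srbds

# classify_srbds STATUS
# Maps a status string to "ok: ...", "action: ..." or "unknown: ...".
# The more specific "Vulnerable: No microcode" must be matched before
# the bare "Vulnerable" prefix.
classify_srbds() {
    case "$1" in
        "Not affected"*)
            echo "ok: CPU not affected" ;;
        "Mitigation: Microcode"*)
            echo "ok: microcode mitigation active" ;;
        "Mitigation: TSX disabled"*)
            echo "ok: CPU only affected with TSX enabled, and TSX is disabled" ;;
        "Vulnerable: No microcode"*)
            echo "action: install updated CPU microcode" ;;
        "Vulnerable"*)
            echo "action: mitigation turned off, check for srbds=off or mitigations=off on the kernel command line" ;;
        "Unknown: Dependent on hypervisor status"*)
            echo "unknown: running as a guest, verify the hypervisor host" ;;
        "")
            echo "unknown: status file missing or unreadable, the running kernel may predate the fix" ;;
        *)
            echo "unknown: unrecognised status '$1'" ;;
    esac
}

# report_srbds [FILE]
# Reads the status file (default: the sysfs path above) and classifies it.
report_srbds() {
    file=${1:-$SRBDS_FILE}
    status=""
    if [ -r "$file" ]; then
        status=$(cat "$file")
    fi
    classify_srbds "$status"
}

report_srbds
```

An "unknown" result inside a VM means the guest cannot tell whether the host has the microcode update, so the check has to be repeated on the hypervisor.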

...


Severity: critical

Package: linux
CVE ID: CVE-2019-3016 CVE-2019-19462 CVE-2020-0543 CVE-2020-10711
