Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Debian 8: DLA-1531-1 Critical: Linux Privilege Escalation Issues

debian lts
Calendar Grey October 4, 2018
Dist Debian Esm H88
Debian LTS resolves urgent linux-4.9 kernel concerns that pose various threats, resulting in heightened vulnerabilities.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

A memory leak in the irda_bind function in the irda subsystem was
discovered. A local user can take advantage of this flaw to cause a
denial of service (memory consumption).

CVE-2018-6555

A flaw was discovered in the irda_setsockopt function in the irda
subsystem, allowing a local user to cause a denial of service
(use-after-free and system crash).

CVE-2018-7755

Brian Belleville discovered a flaw in the fd_locked_ioctl function
in the floppy driver in the Linux kernel. The floppy driver copies a
kernel pointer to user memory in response to the FDGETPRM ioctl. A
local user with access to a floppy drive device can take advantage
of this flaw to discover the location kernel code and data.

CVE-2018-9363

It was discovered that the Bluetooth HIDP implementation did not
correctly check the length of received report messages. A paired
HIDP device could use this to cause a buffer overflow, leading to

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: linux-4.9
Version: 4.9.110-3+deb9u5~deb8u1
CVE ID: CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.