Debian LTS: DLA-1731-1 Critical Privilege Escalation and DoS Risks
debian lts
March 27, 2019
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks
Topics Covered
Summary
A race condition was discovered in XFS that would result in a
crash (BUG). A local user permitted to write to an XFS volume
could use this for denial of service.
CVE-2017-5753
Further instances of code that was vulnerable to Spectre variant 1
(bounds-check bypass) have been mitigated.
CVE-2017-13305
A memory over-read was discovered in the keys subsystem's
encrypted key type. A local user could use this for denial of
service or possibly to read sensitive information.
CVE-2018-3639 (SSB)
Multiple researchers have discovered that Speculative Store Bypass
(SSB), a feature implemented in many processors, could be used to
read sensitive information from another context. In particular,
code in a software sandbox may be able to read sensitive
information from outside the sandbox. This issue is also known as
Spectre variant 4.
This update fixes bugs in the mitigations for SSB for AMD
processors.
CVE-2018-5848
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: linux
Version: 3.16.64-1
CVE ID: CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!