
Debian LTS: DLA-1771-1 Critical: linux-4.9 Privilege Escalation Risk

May 3, 2019
Numerous security flaws have been identified within the Linux kernel, resulting in potential privilege escalation, denial of service attacks, or unintended data exposure.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2018-14625

A use-after-free bug was found in the vhost driver for the Virtual
Socket protocol. If this driver is used to communicate with a
malicious virtual machine guest, the guest could read sensitive
information from the host kernel.

CVE-2018-16884

A flaw was found in the NFS 4.1 client implementation. Mounting
NFS shares in multiple network namespaces at the same time could
lead to a use-after-free. Local users might be able to use this
for denial of service (memory corruption or crash) or possibly
for privilege escalation.

This can be mitigated by disabling unprivileged users from
creating user namespaces, which is the default in Debian.
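
One way to confirm the mitigation described above is in place on a host, as an added example that is not part of the original advisory. It assumes the Debian-specific sysctl `kernel.unprivileged_userns_clone` and the upstream `user.max_user_namespaces` limit, neither of which the advisory names; the function names and the optional root-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: classify whether unprivileged users can create user namespaces.
# Function names and the optional root-directory argument are hypothetical.

# Print the value of a sysctl file under root $1 (relative path $2), or "absent".
read_sysctl() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo absent
    fi
}

# Prints one word: disabled | enabled | unknown
userns_unpriv_state() {
    root="${1:-/proc/sys}"
    # Debian-specific knob: 0 = only privileged users may create user namespaces.
    clone=$(read_sysctl "$root" kernel/unprivileged_userns_clone)
    # Upstream limit (Linux 4.9+): 0 = nobody can create a user namespace.
    max=$(read_sysctl "$root" user/max_user_namespaces)

    if [ "$max" = 0 ] || [ "$clone" = 0 ]; then
        echo disabled
    elif [ "$clone" = 1 ]; then
        echo enabled
    elif [ "$clone" = absent ] && [ "$max" != absent ]; then
        # Kernel without the Debian knob: a non-zero limit leaves creation open.
        echo enabled
    else
        # Neither file readable, or an unexpected value: do not guess.
        echo unknown
    fi
}

echo "unprivileged user namespace creation: $(userns_unpriv_state)"
```

A result of `enabled` means the mitigation the advisory mentions for CVE-2018-16884 is not in effect on that host.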

CVE-2018-19824

Hui Peng and Mathias Payer discovered a use-after-free bug in the
USB audio driver. A physically present attacker able to attach a
specially designed USB device could use this for privilege
escalation.

CVE-2018-19985

Hui Peng and Mathias Payer discovered a missing bounds check in the



Severity
critical

Package: linux-4.9
Version: 4.9.168-1~deb8u1
CVE ID: CVE-2018-14625 CVE-2018-16884 CVE-2018-19824 CVE-2018-19985
Debian Bug: 904385 918103 922306
