
Debian 8: DLA-1884-1 Critical: Linux Kernel Privilege Escalation

August 13, 2019
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2017-18509

Denis Andzakovic reported a missing type check in the IPv4 multicast
routing implementation. A user with the CAP_NET_ADMIN capability (in
any user namespace) could use this for denial-of-service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2018-20836

chenxiang reported a race condition in libsas, the kernel
subsystem supporting Serial Attached SCSI (SAS) devices, which
could lead to a use-after-free. It is not clear how this might be
exploited.

CVE-2019-1125

It was discovered that most x86 processors could speculatively
skip a conditional SWAPGS instruction used when entering the
kernel from user mode, and/or could speculatively execute it when
it should be skipped. This is a subtype of Spectre variant 1,
which could allow local users to obtain sensitive information from
the kernel or other processes. It has been mitigated by using
memory barriers to limit speculative execution. Systems using an



Severity: critical

Package: linux
Version: 3.16.72-1
CVE ID: CVE-2017-18509 CVE-2018-20836 CVE-2019-1125 CVE-2019-3900
