Denis Andzakovic reported a missing type check in the IPv4 multicast
routing implementation. A user with the CAP_NET_ADMIN capability (in
any user namespace) could use this for denial-of-service (memory
corruption or crash) or possibly for privilege escalation.
CVE-2018-5995
ADLab of VenusTech discovered that the kernel logged the virtual
addresses assigned to per-CPU data, which could make it easier to
exploit other vulnerabilities.
CVE-2018-20836
chenxiang reported a race condition in libsas, the kernel
subsystem supporting Serial Attached SCSI (SAS) devices, which
could lead to a use-after-free. It is not clear how this might be
exploited.
CVE-2018-20856
Xiao Jin reported a potential double-free in the block subsystem,
in case an error occurs while initialising the I/O scheduler for a
block device. It is not clear how this might be exploited.
CVE-2019-1125
It was discovered that most x86 processors could speculatively