
Debian LTS 4.9 Security Update DLA-2114-1: Critical Denial of Service

March 2, 2020
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

Wen Xu from SSLab at Gatech reported several NULL pointer
dereference flaws that may be triggered when mounting and
operating a crafted XFS volume. An attacker able to mount
arbitrary XFS volumes could use this to cause a denial of service
(crash).

CVE-2018-20976

It was discovered that the XFS file-system implementation did not
correctly handle some mount failure conditions, which could lead
to a use-after-free. The security impact of this is unclear.

CVE-2018-21008

It was discovered that the rsi wifi driver did not correctly
handle some failure conditions, which could lead to a
use-after-free. The security impact of this is unclear.

CVE-2019-0136

It was discovered that the wifi soft-MAC implementation (mac80211)
did not properly authenticate Tunneled Direct Link Setup (TDLS)
messages. A nearby attacker could use this for denial of service
(loss of wifi connectivity).

CVE-2019-2215



Severity: critical

Package: linux-4.9
Version: 4.9.210-1~deb8u1
CVE ID: CVE-2018-13093 CVE-2018-13094 CVE-2018-20976 CVE-2018-21008
Debian Bug: 869511 945023
