
Debian: DLA-2385-1 Critical: linux-4.19 Denial Of Service Risks

Debian LTS
September 28, 2020
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

Summary

Kernel buffers allocated by the SCTP network protocol were not
limited by the memory cgroup controller. A local user could
potentially use this to evade container memory limits and to cause
a denial of service (excessive memory use).

CVE-2019-19448, CVE-2019-19813, CVE-2019-19816

"Team bobfuzzer" reported bugs in Btrfs that could lead to a
use-after-free or heap buffer overflow, and could be triggered by
crafted filesystem images. A user permitted to mount and access
arbitrary filesystems could use these to cause a denial of service
(crash or memory corruption) or possibly for privilege escalation.

CVE-2020-10781

Luca Bruno of Red Hat discovered that the zram control file
/sys/class/zram-control/hot_add was readable by all users. On a
system with zram enabled, a local user could use this to cause a
denial of service (memory exhaustion).
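
A defender-side check for the CVE-2020-10781 condition described above, added here as an example and not part of the Debian advisory: it reports whether hot_add is readable by non-root users and how many zram devices currently exist. The function names and the optional sysfs-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local audit for CVE-2020-10781 (world-readable zram hot_add).
# The optional sysfs-root argument is an assumption added so the functions
# can be pointed at a test directory; on a real host it defaults to /sys.

# Print "absent", "restricted" or "exposed" for the hot_add control file.
# Only stat(1) is used: a read of hot_add itself creates a new zram device.
zram_hot_add_status() {
    ctl="${1:-/sys}/class/zram-control/hot_add"
    if [ ! -e "$ctl" ]; then
        echo absent          # zram module not loaded or not built
        return 0
    fi
    mode=$(stat -c '%a' "$ctl") || return 2
    # Test the "other" read bit (octal 004) of the permission mode.
    if [ $(( 0$mode & 004 )) -ne 0 ]; then
        echo exposed
    else
        echo restricted
    fi
}

# Count existing zram block devices; unexpected growth on a host with an
# exposed hot_add file is worth investigating.
zram_device_count() {
    n=0
    for dev in "${1:-/sys}"/block/zram[0-9]*; do
        [ -e "$dev" ] && n=$((n + 1))
    done
    echo "$n"
}

# One-line report suitable for a cron job or configuration-management check.
zram_audit() {
    root="${1:-/sys}"
    echo "hot_add=$(zram_hot_add_status "$root") zram_devices=$(zram_device_count "$root") kernel=$(uname -r)"
}

zram_audit "${1:-/sys}"
```

A host that reports `hot_add=exposed` is running a kernel without the fix and should be upgraded to the linux-4.19 package version listed in this advisory.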

CVE-2020-12888

It was discovered that the PCIe Virtual Function I/O (vfio-pci)



Severity: critical

-------------------------------------------------------------------------
Package: linux-4.19
Version: 4.19.146-1~deb9u1
CVE ID: CVE-2019-3874 CVE-2019-19448 CVE-2019-19813 CVE-2019-19816
Debian Bug: 966846 966917 968567
