Linux Security

    Debian LTS: DLA-2420-2: linux regression update

    Date 31 Oct 2020
    Posted By LinuxSecurity Advisories
    -------------------------------------------------------------------------
    Debian LTS Advisory DLA-2420-2
    https://www.debian.org/lts/security/                        Ben Hutchings
    October 31, 2020                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------
    
    Package        : linux
    Version        : 4.9.240-2
    CVE ID         : CVE-2019-9445 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448
                     CVE-2020-12351 CVE-2020-12352 CVE-2020-12655 CVE-2020-12771
                     CVE-2020-12888 CVE-2020-14305 CVE-2020-14314 CVE-2020-14331
                     CVE-2020-14356 CVE-2020-14386 CVE-2020-14390 CVE-2020-15393
                     CVE-2020-16166 CVE-2020-24490 CVE-2020-25211 CVE-2020-25212
                     CVE-2020-25220 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641
                     CVE-2020-25643 CVE-2020-26088
    
    This update corrects a regression in some Xen virtual machine
    environments.  For reference the original advisory text follows.
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to the execution of arbitrary code, privilege escalation,
    denial of service or information leaks.
    
    CVE-2019-9445
    
        A potential out-of-bounds read was discovered in the F2FS
        implementation.  A user permitted to mount and access arbitrary
        filesystems could potentially use this to cause a denial of
        service (crash) or to read sensitive information.
    
    CVE-2019-19073, CVE-2019-19074
    
        Navid Emamdoost discovered potential memory leaks in the ath9k and
        ath9k_htc drivers.  The security impact of these is unclear.
    
    CVE-2019-19448
    
        "Team bobfuzzer" reported a bug in Btrfs that could lead to a
        use-after-free, and could be triggered by crafted filesystem
        images.  A user permitted to mount and access arbitrary
        filesystems could use this to cause a denial of service (crash or
        memory corruption) or possibly for privilege escalation.
    
    CVE-2020-12351
    
        Andy Nguyen discovered a flaw in the Bluetooth implementation in
        the way L2CAP packets with A2MP CID are handled.  A remote attacker
        within a short distance, knowing the victim's Bluetooth device
        address, can send a malicious L2CAP packet and cause a denial of
        service or possibly arbitrary code execution with kernel
        privileges.
    
    CVE-2020-12352
    
        Andy Nguyen discovered a flaw in the Bluetooth implementation.
        Stack memory is not properly initialised when handling certain AMP
        packets.  A remote attacker within a short distance, knowing the
        victim's Bluetooth device address, can retrieve kernel
        stack information.
    
    CVE-2020-12655
    
        Zheng Bin reported that crafted XFS volumes could trigger a system
        hang.  An attacker able to mount such a volume could use this to
        cause a denial of service.
    
    CVE-2020-12771
    
        Zhiqiang Liu reported a bug in the bcache block driver that could
        lead to a system hang.  The security impact of this is unclear.
    
    CVE-2020-12888
    
        It was discovered that the PCIe Virtual Function I/O (vfio-pci)
        driver allowed users to disable a device's memory space while it
        was still mapped into a process.  On some hardware platforms,
        local users or guest virtual machines permitted to access PCIe
        Virtual Functions could use this to cause a denial of service
        (hardware error and crash).
    
    CVE-2020-14305
    
        Vasily Averin of Virtuozzo discovered a potential heap buffer
        overflow in the netfilter nf_conntrack_h323 module.  When this
        module is used to perform connection tracking for TCP/IPv6, a
        remote attacker could use this to cause a denial of service (crash
        or memory corruption) or possibly for remote code execution with
        kernel privilege.
    
    CVE-2020-14314
    
        A bug was discovered in the ext4 filesystem that could lead to an
        out-of-bounds read.  A local user permitted to mount and access
        arbitrary filesystem images could use this to cause a denial of
        service (crash).
    
    CVE-2020-14331
    
        A bug was discovered in the VGA console driver's soft-scrollback
        feature that could lead to a heap buffer overflow.  On a system
        with a custom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK
        enabled, a local user with access to a console could use this to
        cause a denial of service (crash or memory corruption) or possibly
        for privilege escalation.
    
    CVE-2020-14356, CVE-2020-25220
    
        A bug was discovered in the cgroup subsystem's handling of socket
        references to cgroups.  In some cgroup configurations, this could
        lead to a use-after-free.  A local user might be able to use this
        to cause a denial of service (crash or memory corruption) or
        possibly for privilege escalation.
    
        The original fix for this bug introduced a new security issue,
        which is also addressed in this update.
    
    CVE-2020-14386
    
        Or Cohen discovered a bug in the packet socket (AF_PACKET)
        implementation which could lead to a heap buffer overflow.  A
        local user with the CAP_NET_RAW capability (in any user namespace)
        could use this to cause a denial of service (crash or memory
        corruption) or possibly for privilege escalation.
    
    CVE-2020-14390
    
        Minh Yuan discovered a bug in the framebuffer console driver's
        scrollback feature that could lead to a heap buffer overflow.  On
        a system using framebuffer consoles, a local user with access to a
        console could use this to cause a denial of service (crash or
        memory corruption) or possibly for privilege escalation.
    
        The scrollback feature has been disabled for now, as no other fix
        was available for this issue.
    
    CVE-2020-15393
    
        Kyungtae Kim reported a memory leak in the usbtest driver.  The
        security impact of this is unclear.
    
    CVE-2020-16166
    
        Amit Klein reported that the random number generator used by the
        network stack might not be re-seeded for long periods of time,
        making e.g. client port number allocations more predictable.  This
        made it easier for remote attackers to carry out some network-
        based attacks such as DNS cache poisoning or device tracking.
    
    CVE-2020-24490
    
        Andy Nguyen discovered a flaw in the Bluetooth implementation that
        can lead to a heap buffer overflow.  On systems with a Bluetooth 5
        hardware interface, a remote attacker within a short distance can
        use this to cause a denial of service (crash or memory corruption)
        or possibly for remote code execution with kernel privilege.
    
    CVE-2020-25211
    
        A flaw was discovered in the netfilter subsystem.  A local attacker
        able to inject conntrack Netlink configuration can cause a denial
        of service.
    
    CVE-2020-25212
    
        A bug was discovered in the NFSv4 client implementation that could
        lead to a heap buffer overflow.  A malicious NFS server could use
        this to cause a denial of service (crash or memory corruption) or
        possibly to execute arbitrary code on the client.
    
    CVE-2020-25284
    
        It was discovered that the Rados block device (rbd) driver allowed
        tasks running as uid 0 to add and remove rbd devices, even if they
        dropped capabilities.  On a system with the rbd driver loaded,
        this might allow privilege escalation from a container with a task
        running as root.
    
    CVE-2020-25285
    
        A race condition was discovered in the hugetlb filesystem's sysctl
        handlers, that could lead to stack corruption.  A local user
        permitted to write to hugepages sysctls could use this to cause a
        denial of service (crash or memory corruption) or possibly for
        privilege escalation.  By default only the root user can do this.
    
    CVE-2020-25641
    
        The syzbot tool found a bug in the block layer that could lead to
        an infinite loop.  A local user with access to a raw block device
        could use this to cause a denial of service (unbounded CPU use and
        possible system hang).
    
    CVE-2020-25643
    
        ChenNan of Chaitin Security Research Lab discovered a flaw in the
        hdlc_ppp module.  Improper input validation in the ppp_cp_parse_cr()
        function may lead to memory corruption and information disclosure.
    
    CVE-2020-26088
    
        It was discovered that the NFC (Near Field Communication) socket
        implementation allowed any user to create raw sockets.  On a
        system with an NFC interface, this allowed local users to evade
        local network security policy.
    
    For Debian 9 stretch, these problems have been fixed in version
    4.9.240-1.  This update additionally includes many more bug fixes from
    stable updates 4.9.229-4.9.240 inclusive.
    
    We recommend that you upgrade your linux packages.
    
    For the detailed security status of linux please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/linux
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    -- 
    Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
    
