
Debian LTS: DLA-2483-1 Critical: Linux Kernel Privilege Escalation

December 10, 2020
Multiple significant vulnerabilities were found in the Debian LTS linux-4.19 kernel. Upgrade to prevent potential denial of service attacks and data leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.

Summary

CVE-2019-19039

"Team bobfuzzer" reported a bug in Btrfs that could lead to an
assertion failure (WARN). A user permitted to mount and access
arbitrary filesystems could use this to cause a denial of service
(crash) if the panic_on_warn kernel parameter is set.

CVE-2019-19377

"Team bobfuzzer" reported a bug in Btrfs that could lead to a
use-after-free. A user permitted to mount and access arbitrary
filesystems could use this to cause a denial of service (crash or
memory corruption) or possibly for privilege escalation.

CVE-2019-19770

The syzbot tool discovered a race condition in the block I/O
tracer (blktrace) that could lead to a system crash. Since
blktrace can only be controlled by privileged users, the security
impact of this is unclear.

CVE-2019-19816

"Team bobfuzzer" reported a bug in Btrfs that could lead to an
out-of-bounds write. A user permitted to mount and access
arbitrary filesystems could use this to cause a denial of service



Severity: critical

-------------------------------------------------------------------------
Package: linux-4.19
Version: 4.19.160-2~deb9u1
CVE ID: CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816
Debian Bug: 949863 968623 971058
