
Debian 9 Stretch DLA-2494-1 Critical Kernel Issues: Multiple Threats

December 18, 2020
Explore the most recent Debian LTS security patch that tackles several major kernel vulnerabilities and learn effective methods to fortify your system.
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.

Summary

Elena Petrova reported a bug in the pinctrl subsystem that can
lead to a use-after-free after a device is renamed. The security
impact of this is unclear.

CVE-2020-8694

Multiple researchers discovered that the powercap subsystem
allowed all users to read CPU energy meters, by default. On
systems using Intel CPUs, this provided a side channel that could
leak sensitive information between user processes, or from the
kernel to user processes. The energy meters are now readable only
by root, by default.

This issue can be mitigated by running:

chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj

This needs to be repeated each time the system is booted with
an unfixed kernel version.
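The mitigation above, wrapped as an added shell example (not part of the Debian advisory): it lists the energy_uj files that group or other can still read and applies the same chmod to them. The function names, the --check/--apply arguments and the POWERCAP_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and apply the CVE-2020-8694 powercap mitigation.
# POWERCAP_ROOT can be overridden so the logic can be tried on a scratch
# tree (assumption of this example; the advisory only names the sysfs path).
POWERCAP_ROOT="${POWERCAP_ROOT:-/sys/devices/virtual/powercap}"

# Print each energy_uj file that is still readable by group or other.
# Uses the same glob depth as the advisory's chmod command.
list_exposed_meters() {
    for f in "$POWERCAP_ROOT"/*/*/energy_uj; do
        [ -f "$f" ] || continue              # glob matched nothing
        mode=$(stat -c '%a' "$f")            # octal mode, e.g. 444
        if [ $(( 0$mode & 044 )) -ne 0 ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Apply "chmod go-r" to every exposed meter, then re-check.
# Returns 0 only when no meter is left readable by group or other.
harden_meters() {
    list_exposed_meters | while IFS= read -r f; do
        chmod go-r "$f"
    done
    [ -z "$(list_exposed_meters)" ]
}

# --check only reports; --apply changes permissions (needs root on sysfs).
case "${1:-}" in
    --check) list_exposed_meters ;;
    --apply) harden_meters ;;
esac
```

Running it with --apply from a boot-time job covers the repeat that the advisory requires on unfixed kernels; --check exits without changing anything and prints nothing when the meters are already restricted.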

CVE-2020-14351

A race condition was discovered in the performance events
subsystem, which could lead to a use-after-free. A local user
permitted to access performance events could use this to cause a

Read the Full Advisory


Severity
critical

Package: linux
Version: 4.9.246-2
CVE ID: CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645
