
Debian 9: DLA-2557-1 Critical: Linux-4.19 Denial of Service Issues

Debian LTS
February 12, 2021
Alert notice DLA-2557-1 highlights security flaws in linux-4.19; prompt upgrades are needed to avert potential threats.
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.

Summary

CVE-2020-27815

A flaw was reported in the JFS filesystem code allowing a local
attacker with the ability to set extended attributes to cause a
denial of service.

CVE-2020-27825

Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace
ring buffer resizing logic due to a race condition, which could
result in denial of service or information leak.

CVE-2020-27830

Shisong Qin reported a NULL pointer dereference flaw in the Speakup
screen reader core driver.

CVE-2020-28374

David Disseldorp discovered that the LIO SCSI target implementation
performed insufficient checking in certain XCOPY requests. An
attacker with access to a LUN and knowledge of Unit Serial Number
assignments can take advantage of this flaw to read and write to any
LIO backstore, regardless of the SCSI transport settings.

CVE-2020-29568 (XSA-349)

Michael Kurth and Pawel Wieczorkiewicz reported that frontends can
trigger OOM in backends by updating a watched path.

CVE-2020-29569 (XSA-350)



Severity: critical

-------------------------------------------------------------------------
Package: linux-4.19
Version: 4.19.171-2~deb9u1
CVE ID: CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374
Debian Bug: 970736 972345 977048 977615
