Debian LTS: DLA-3690-2 Urgent: VMware Vulnerability Exposure Advisory

June 22, 2021
The latest Debian LTS notice DLA-2689-1 addresses multiple vulnerabilities in the Linux kernel, primarily concerning code execution and potential service disruption.
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.

Summary

CVE-2020-24586, CVE-2020-24587, CVE-2020-26147

Mathy Vanhoef discovered that many Wi-Fi implementations,
including Linux's mac80211, did not correctly implement reassembly
of fragmented packets. In some circumstances, an attacker within
range of a network could exploit these flaws to forge arbitrary
packets and/or to access sensitive data on that network.

CVE-2020-24588

Mathy Vanhoef discovered that most Wi-Fi implementations,
including Linux's mac80211, did not authenticate the "is
aggregated" packet header flag. An attacker within range of a
network could exploit this to forge arbitrary packets on that
network.

CVE-2020-25670, CVE-2020-25671, CVE-2021-23134

kiyin (尹亮) of TenCent discovered several reference counting bugs
in the NFC LLCP implementation which could lead to use-after-free.
A local user could exploit these for denial of service (crash or
memory corruption) or possibly for privilege escalation.

Severity: critical

-------------------------------------------------------------------------
Package: linux
Version: 4.9.272-1
CVE ID: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670
