
Debian LTS: DLA-2690-1 Critical: Linux Kernel 4.19 Denial of Service

June 22, 2021
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.

Summary

Mathy Vanhoef discovered that many Wi-Fi implementations,
including Linux's mac80211, did not correctly implement reassembly
of fragmented packets. In some circumstances, an attacker within
range of a network could exploit these flaws to forge arbitrary
packets and/or to access sensitive data on that network.

CVE-2020-24588

Mathy Vanhoef discovered that most Wi-Fi implementations,
including Linux's mac80211, did not authenticate the "is
aggregated" packet header flag. An attacker within range of a
network could exploit this to forge arbitrary packets on that
network.

CVE-2020-25670, CVE-2020-25671, CVE-2021-23134

kiyin (尹亮) of TenCent discovered several reference counting bugs
in the NFC LLCP implementation which could lead to use-after-free.
A local user could exploit these for denial of service (crash or
memory corruption) or possibly for privilege escalation.

Nadav Markus and Or Cohen of Palo Alto Networks discovered that



Severity: Critical

-------------------------------------------------------------------------
Package: linux-4.19
Version: 4.19.194-1~deb9u1
CVE ID: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670
Debian Bug: 986949 988352 989451
