Debian LTS 9: DLA-2785-1 Critical: Linux Kernel Privilege Escalation

Debian LTS
October 15, 2021
Several security flaws addressed in the Linux kernel could result in elevated privileges or denial of service. Update is advised.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2020-3702

A flaw was found in the driver for Atheros IEEE 802.11n family of
chipsets (ath9k) allowing information disclosure.

CVE-2020-16119

Hadar Manor reported a use-after-free in the DCCP protocol
implementation in the Linux kernel. A local attacker can take
advantage of this flaw to cause a denial of service or potentially
to execute arbitrary code.

CVE-2021-3444, CVE-2021-3600

Two flaws were discovered in the Extended BPF (eBPF) verifier. A
local user could exploit these to read and write arbitrary memory
in the kernel, which could be used for privilege escalation.

This can be mitigated by setting sysctl
kernel.unprivileged_bpf_disabled=1, which disables eBPF use by
unprivileged users. Note that this covers only the two eBPF flaws,
not the others in this advisory, and that on this kernel the setting
is one-way: once set to 1 it cannot be reset to 0 until reboot.

CVE-2021-3612

Murray McAllister reported a flaw in the joystick input subsystem.
A local user permitted to access a joystick device could exploit
this to read and write out-of-bounds in the kernel, which could
be used for privilege escalation.

CVE-2021-3653

Read the Full Advisory
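The two operational questions this advisory raises for a Debian 9 LTS host are whether the installed linux-4.19 package is already at the fixed version, and, if not, whether the interim eBPF sysctl has been applied. The script below is an added example for this page, not part of DLA-2785-1 or of Debian's tooling: the fixed version 4.19.208-1~deb9u1 is taken from the advisory, while the script name, the function names, the "--live" flag and the sample version strings in the comments are assumptions made for the example.

```shell
#!/bin/sh
# dla2785_check.sh - added example, not part of DLA-2785-1 or of Debian's tooling.
# Answers two questions for a Debian 9 LTS host running linux-4.19:
#   1. Is the kernel package at or above the advisory's fixed version?
#   2. If not, is the eBPF-only stopgap (kernel.unprivileged_bpf_disabled=1) in place?
# FIXED_VERSION comes from the advisory; everything else here is an assumption.

FIXED_VERSION='4.19.208-1~deb9u1'

# kernel_fixed INSTALLED -> exit 0 if INSTALLED >= FIXED_VERSION, else 1.
# Uses dpkg's own comparison when available. The awk fallback (for running the
# check off-host, e.g. over a collected inventory) compares the three upstream
# fields numerically and then the leading integer of the Debian revision. It is
# not the full dpkg algorithm ("1" and "1~deb9u1" compare equal here), which is
# sufficient for version strings of the form A.B.C-N~deb9uM used by linux-4.19.
kernel_fixed() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
    return
  fi
  awk -v a="$1" -v b="$FIXED_VERSION" '
    function split_ver(v, parts,    n, up, rev) {
      n = index(v, "-")
      up  = n ? substr(v, 1, n - 1) : v
      rev = n ? substr(v, n + 1)   : "0"
      split(up, parts, ".")
      sub(/[^0-9].*$/, "", rev)        # "1~deb9u1" -> "1"
      parts["rev"] = rev + 0
    }
    BEGIN {
      split_ver(a, A); split_ver(b, B)
      for (i = 1; i <= 3; i++)
        if (A[i] + 0 != B[i] + 0) exit (A[i] + 0 > B[i] + 0 ? 0 : 1)
      exit (A["rev"] >= B["rev"] ? 0 : 1)
    }'
}

# unpriv_bpf_disabled VALUE -> exit 0 when VALUE (as read from
# /proc/sys/kernel/unprivileged_bpf_disabled) means unprivileged bpf() is blocked.
# On 4.19 the only accepted values are 0 and 1, and 1 is sticky (the kernel refuses
# to set it back to 0 until reboot). Newer kernels also accept 2 (blocked, but
# re-enableable), so 2 is accepted here as well.
unpriv_bpf_disabled() {
  case "$1" in
    1|2) return 0 ;;
    *)   return 1 ;;
  esac
}

# risk_status INSTALLED SYSCTL_VALUE -> prints one of:
#   fixed               package is at or above the advisory's fixed version
#   bpf-mitigated-only  not fixed; CVE-2021-3444/3600 are blocked by the sysctl,
#                       but the ath9k, DCCP and joystick flaws are NOT covered
#   exposed             not fixed and no mitigation in place
#   unknown             version could not be determined
risk_status() {
  case "$1" in ''|unknown) echo unknown; return 0 ;; esac
  if kernel_fixed "$1"; then
    echo fixed
  elif unpriv_bpf_disabled "$2"; then
    echo bpf-mitigated-only
  else
    echo exposed
  fi
}

# Live check against this host, only when requested:  sh dla2785_check.sh --live
# dpkg-query reports the *installed* package; after an upgrade the running kernel
# is only fixed once the host has rebooted into it.
if [ "${1-}" = "--live" ]; then
  installed=$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)" 2>/dev/null || echo unknown)
  bpf=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
  echo "linux-image-$(uname -r): $installed"
  echo "kernel.unprivileged_bpf_disabled: $bpf"
  echo "status: $(risk_status "$installed" "$bpf")"
fi
```

If the result is "exposed" and the upgrade cannot be scheduled immediately, the stopgap from the advisory is `sysctl -w kernel.unprivileged_bpf_disabled=1`, persisted with a line in `/etc/sysctl.d/`; remember that it only narrows exposure to the two eBPF verifier bugs and that a reboot is needed to undo it on this kernel.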


Severity: Critical

Package: linux-4.19
Version: 4.19.208-1~deb9u1
CVE ID: CVE-2020-3702 CVE-2020-16119 CVE-2021-3444 CVE-2021-3600
