
Debian 9 Critical: DLA-2940-1 Privilege Escalation and DoS Fixes

March 9, 2022

A range of security flaws in Debian's Linux kernel have been mitigated through urgent patches aimed at halting breaches and unauthorized access.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2021-3640

LinMa of BlockSec Team discovered a race condition in the
Bluetooth SCO implementation that can lead to a use-after-free. A
local user could exploit this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2021-3752

Likang Luo of NSFOCUS Security Team discovered a flaw in the
Bluetooth L2CAP implementation that can lead to a use-after-free.
A local user could exploit this to cause a denial of service
(memory corruption or crash) or possibly for privilege escalation.

CVE-2021-4002

It was discovered that hugetlbfs, the virtual filesystem used by
applications to allocate huge pages in RAM, did not flush the
CPU's TLB in one case where it was necessary. In some
circumstances a local user would be able to read and write huge
pages after they are freed and reallocated to a different process.
This could lead to privilege escalation, denial of service or
information leaks.

CVE-2021-4083



Severity: critical

Package: linux
Version: 4.9.303-1
CVE ID: CVE-2021-3640 CVE-2021-3752 CVE-2021-4002 CVE-2021-4083
Debian Bug: 990411
