
Debian: DLA-2941-1 Critical: Linux 4.19 Privilege Escalation & DoS Fix

Debian LTS
March 9, 2022
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2020-29374

Jann Horn of Google reported a flaw in Linux's virtual memory
management. A parent and child process initially share all their
memory, but when either writes to a shared page, the page is
duplicated and unshared (copy-on-write). However, if an
operation such as vmsplice() required the kernel to take an
additional reference to a shared page, and a copy-on-write occurred
during this operation, the kernel might have accessed the wrong
process's memory. For some programs, this could lead to an
information leak or data corruption.

This issue was already fixed for most architectures, but not on
MIPS and System z. This update corrects that.

CVE-2020-36322, CVE-2021-28950

The syzbot tool found that the FUSE (filesystem-in-user-space)
implementation did not correctly handle a FUSE server returning
invalid attributes for a file. A local user permitted to run a
FUSE server could use this to cause a denial of service (crash).



Severity: critical

Package: linux-4.19
Version: 4.19.232-1~deb9u1
CVE ID: CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744
Debian Bug: 988044 989285 990411 994050
