Debian Security Advisory
DSA-4843-1 linux -- security update
- Date Reported:
- 01 Feb 2021
- Affected Packages:
- linux
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 970736, Bug 972345, Bug 977048, Bug 977615.
In Mitre's CVE dictionary: CVE-2020-27815, CVE-2020-27825, CVE-2020-27830, CVE-2020-28374, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661, CVE-2020-36158, CVE-2021-3347, CVE-2021-20177. - More information:
-
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
- CVE-2020-27815
A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.
- CVE-2020-27825
Adam
pi3
Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak. - CVE-2020-27830
Shisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.
- CVE-2020-28374
David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.
- CVE-2020-29568 (XSA-349)
Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.
- CVE-2020-29569 (XSA-350)
Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.
- CVE-2020-29660
Jann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.
- CVE-2020-29661
Jann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.
- CVE-2020-36158
A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.
- CVE-2021-3347
It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
- CVE-2021-20177
A flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.
For the stable distribution (buster), these problems have been fixed in version 4.19.171-2.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
- CVE-2020-27815