Security Information / 2021 / Security Information -- DSA-4978-1 linux

Debian Security Advisory

DSA-4978-1 linux -- security update

Date Reported:

25 Sep 2021

Affected Packages:

linux

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 993948, Bug 993978.
In Mitre's CVE dictionary: CVE-2020-3702, CVE-2020-16119, CVE-2021-3653, CVE-2021-3656, CVE-2021-3679, CVE-2021-3732, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-37576, CVE-2021-38160, CVE-2021-38166, CVE-2021-38199, CVE-2021-40490, CVE-2021-41073.

More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

• CVE-2020-3702

  A flaw was found in the driver for Atheros IEEE 802.11n family of chipsets (ath9k) allowing information disclosure.

• CVE-2020-16119

  Hadar Manor reported a use-after-free in the DCCP protocol implementation in the Linux kernel. A local attacker can take advantage of this flaw to cause a denial of service or potentially to execute arbitrary code.

• CVE-2021-3653

  Maxim Levitsky discovered a vulnerability in the KVM hypervisor implementation for AMD processors in the Linux kernel: Missing validation of the `int_ctl` VMCB field could allow a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest can take advantage of this flaw to write to a limited but still relatively large subset of the host physical memory.

• CVE-2021-3656

  Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM hypervisor implementation for AMD processors in the Linux kernel. Missing validation of the `virt_ext` VMCB field could allow a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus read/write portions of the host's physical memory.

• CVE-2021-3679

  A flaw in the Linux kernel tracing module functionality could allow a privileged local user (with CAP_SYS_ADMIN capability) to cause a denial of service (resource starvation).

• CVE-2021-3732

  Alois Wohlschlager reported a flaw in the implementation of the overlayfs subsystem, allowing a local attacker with privileges to mount a filesystem to reveal files hidden in the original mount.

• CVE-2021-3739

  A NULL pointer dereference flaw was found in the btrfs filesystem, allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a denial of service.

• CVE-2021-3743

  An out-of-bounds memory read was discovered in the Qualcomm IPC router protocol implementation, allowing to cause a denial of service or information leak.

• CVE-2021-3753

  Minh Yuan reported a race condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds read in vt.

• CVE-2021-37576

  Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem on the powerpc platform, which allows KVM guest OS users to cause memory corruption on the host.

• CVE-2021-38160

  A flaw in the virtio_console was discovered allowing data corruption or data loss by an untrusted device.

• CVE-2021-38166

  An integer overflow flaw in the BPF subsystem could allow a local attacker to cause a denial of service or potentially the execution of arbitrary code. This flaw is mitigated by default in Debian as unprivileged calls to bpf() are disabled.

• CVE-2021-38199

  Michael Wakabayashi reported a flaw in the NFSv4 client implementation, where incorrect connection setup ordering allows operations of a remote NFSv4 server to cause a denial of service.

• CVE-2021-40490

  A race condition was discovered in the ext4 subsystem when writing to an inline_data file while its xattrs are changing. This could result in denial of service.

• CVE-2021-41073

  Valentina Palmiotti discovered a flaw in io_uring allowing a local attacker to escalate privileges.

For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5. This update includes fixes for #993948 and #993978.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux