• [SECURITY] [DSA 4978-1] linux security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Sep 25 10:20:01 2021
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4978-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : linux
    CVE ID : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656
    CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743
    CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166
    CVE-2021-38199 CVE-2021-40490 CVE-2021-41073
    Debian Bug : 993948 993978

    Several vulnerabilities have been discovered in the Linux kernel
    that may lead to a privilege escalation, denial of service or
    information leaks.


    A flaw was found in the driver for Atheros IEEE 802.11n family of
    chipsets (ath9k) allowing information disclosure.


    Hadar Manor reported a use-after-free in the DCCP protocol
    implementation in the Linux kernel. A local attacker can take
    advantage of this flaw to cause a denial of service or potentially
    to execute arbitrary code.


    Maxim Levitsky discovered a vulnerability in the KVM hypervisor
    implementation for AMD processors in the Linux kernel: Missing
    validation of the `int_ctl` VMCB field could allow a malicious L1
    guest to enable AVIC support (Advanced Virtual Interrupt Controller)
    for the L2 guest. The L2 guest can take advantage of this flaw to
    write to a limited but still relatively large subset of the host
    physical memory.


    Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM
    hypervisor implementation for AMD processors in the Linux kernel.
    Missing validation of the the `virt_ext` VMCB field could allow a
    malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS
    (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,
    the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus
    read/write portions of the host's physical memory.


    A flaw in the Linux kernel tracing module functionality could allow
    a privileged local user (with CAP_SYS_ADMIN capability) to cause a
    denial of service (resource starvation).


    Alois Wohlschlager reported a flaw in the implementation of the
    overlayfs subsystem, allowing a local attacker with privileges to
    mount a filesystem to reveal files hidden in the original mount.


    A NULL pointer dereference flaw was found in the btrfs filesystem,
    allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a
    denial of service.


    An out-of-bounds memory read was discovered in the Qualcomm IPC
    router protocol implementation, allowing to cause a denial of
    service or information leak.


    Minh Yuan reported a race condition in the vt_k_ioctl in
    drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds
    read in vt.


    Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem
    on the powerpc platform, which allows KVM guest OS users to cause
    memory corruption on the host.


    A flaw in the virtio_console was discovered allowing data corruption
    or data loss by an untrusted device.


    An integer overflow flaw in the BPF subsystem could allow a local
    attacker to cause a denial of service or potentially the execution
    of arbitrary code. This flaw is mitigated by default in Debian as
    unprivileged calls to bpf() are disabled.


    Michael Wakabayashi reported a flaw in the NFSv4 client
    implementation, where incorrect connection setup ordering allows
    operations of a remote NFSv4 server to cause a denial of service.


    A race condition was discovered in the ext4 subsystem when writing
    to an inline_data file while its xattrs are changing. This could
    result in denial of service.


    Valentina Palmiotti discovered a flaw in io_uring allowing a local
    attacker to escalate privileges.

    For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5. This update includes fixes for #993948 and #993978.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to
    its security tracker page at:

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmFO2GNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TnbQ/8C5VZ8M2c1r7inKdf/JxcNqAgmquOVo/Ib9Ei17r+7/IXa4mo/FCz4xOb V68lNhqA43GJPWGHcj8mndVfkTHnn0PRekd5oPoKTdo4fJS0JEipUvNM3W+ukYVo eJi9+rV6fLmA9w0TTLqRaAZG1jjHxKqNo0XjbwGMhM8+hp5grAGuZrNfQ8mJk/CX RM8PyeWFTkio0eVr5G4wgxSDLJeg3Aa9azYvfXhgZ8OCl1ArSgLN3xhHqfuXFPAN F2i8ZRSwwlFtkea/Zm1eet+uwEs3Mz0pCXxBApITIaPh8Zo1Lj/0u8BBQqbGTuiF 6JNYnZc6TZ16DI3M8/a4x8sjG/C4Q6D+rOTpfaoydz4kcGEFWZC7/L9Y0wmd11da a4OIQq56Kk1bYI+G/7hl6BstLZxaqY/mafshV+nhQIzOBMBo35/r6Coz7AQUSJ5R vpPv1CKSwwki9zic0aegXZRUd0SJAyNEOqpvDSlT0hy2nNlnYFKIAySlFv68Lz9M RO/t4qFaKz07UdrNqN7E6qXZ6TZ18cIw2SQiozcR7g3CQ5WrBErxibkvmM4vHDgp /AlmxCuiTNtBdwGNlcT16kCbvyQLx3wSzisUBceIQqb/XTw9Ti2ctDWgYStsscSC LaEFBjJhYxBvDhnav4P2ZpHni5C1J/KS3qiR6wCEBTh4Qy5dYjo=
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)