Package : linux CVE ID : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 CVE-2021-38199 CVE-2021-40490 CVE-2021-41073 Debian Bug : 993948 993978 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-3702 A flaw was found in the driver for Atheros IEEE 802.11n family of chipsets (ath9k) allowing information disclosure. CVE-2020-16119 Hadar Manor reported a use-after-free in the DCCP protocol implementation in the Linux kernel. A local attacker can take advantage of this flaw to cause a denial of service or potentially to execute arbitrary code. CVE-2021-3653 Maxim Levitsky discovered a vulnerability in the KVM hypervisor implementation for AMD processors in the Linux kernel: Missing validation of the `int_ctl` VMCB field could allow a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest can take advantage of this flaw to write to a limited but still relatively large subset of the host physical memory. CVE-2021-3656 Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM hypervisor implementation for AMD processors in the Linux kernel. Missing validation of the the `virt_ext` VMCB field could allow a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus read/write portions of the host's physical memory. CVE-2021-3679 A flaw in the Linux kernel tracing module functionality could allow a privileged local user (with CAP_SYS_ADMIN capability) to cause a denial of service (resource starvation). CVE-2021-3732 Alois Wohlschlager reported a flaw in the implementation of the overlayfs subsystem, allowing a local attacker with privileges to mount a filesystem to reveal files hidden in the original mount. CVE-2021-3739 A NULL pointer dereference flaw was found in the btrfs filesystem, allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a denial of service. CVE-2021-3743 An out-of-bounds memory read was discovered in the Qualcomm IPC router protocol implementation, allowing to cause a denial of service or information leak. CVE-2021-3753 Minh Yuan reported a race condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds read in vt. CVE-2021-37576 Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem on the powerpc platform, which allows KVM guest OS users to cause memory corruption on the host. CVE-2021-38160 A flaw in the virtio_console was discovered allowing data corruption or data loss by an untrusted device. CVE-2021-38166 An integer overflow flaw in the BPF subsystem could allow a local attacker to cause a denial of service or potentially the execution of arbitrary code. This flaw is mitigated by default in Debian as unprivileged calls to bpf() are disabled. CVE-2021-38199 Michael Wakabayashi reported a flaw in the NFSv4 client implementation, where incorrect connection setup ordering allows operations of a remote NFSv4 server to cause a denial of service. CVE-2021-40490 A race condition was discovered in the ext4 subsystem when writing to an inline_data file while its xattrs are changing. This could result in denial of service. CVE-2021-41073 Valentina Palmiotti discovered a flaw in io_uring allowing a local attacker to escalate privileges. For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5. This update includes fixes for #993948 and #993978.