From: Salvatore Bonaccorso <carnil@debian.org>
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA EMBRGD-linux] linux security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-EMBRGD-linux             security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 27, 2020                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2020-2732 CVE-2020-8428 CVE-2020-10942 CVE-2020-11565
                 CVE-2020-11884

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, or information
leak.

CVE-2020-2732

    Paolo Bonzini discovered that the KVM implementation for Intel
    processors did not properly handle instruction emulation for the L2
    guest when nested virtualization is enabled, allowing the L2
    guest to trick the L0 hypervisor into accessing sensitive bits of
    the L1 hypervisor.

CVE-2020-8428

    Al Viro discovered a use-after-free vulnerability in the VFS layer
    in the may_create_in_sticky() function, allowing a local attacker to
    cause a denial of service or obtain sensitive information from
    kernel memory.

CVE-2020-10942

    It was discovered that the get_raw_socket() function in
    drivers/vhost/net.c did not validate an sk_family field, allowing
    an attacker to trigger a stack corruption via crafted system calls.

CVE-2020-11565

    Entropy Moe reported a stack-based out-of-bounds write vulnerability
    in mpol_parse_str() in mm/mempolicy.c because an empty nodelist is
    mishandled during mount option parsing.

CVE-2020-11884

    Al Viro reported a flaw in the architecture code for s390x, where a
    page table upgrade in a kernel section that uses secondary address
    mode will mess up the kernel instructions, potentially allowing an
    unprivileged user to crash the kernel or potentially to execute user
    provided code in the kernel context.

For the stable distribution (buster), these problems have been fixed in
version 4.19.98-1+deb10u1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org