Package : linux CVE ID : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 CVE-2021-38199 CVE-2021-40490 CVE-2021-41073 Debian Bug : 993948 993978 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-3702 Description CVE-2020-16119 Description CVE-2021-3653 Description CVE-2021-3656 Description CVE-2021-3679 Description CVE-2021-3732 Description CVE-2021-3739 Description CVE-2021-3743 An out-of-bounds memory read flaw was discovered in the Qualcomm IPC router protocol, allowing to cause a denial of service or information leak. CVE-2021-3753 Minh Yuan reported race condition flaw in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds read in vt. CVE-2021-37576 Alexey Kardashevskiy reported a buffer overflow flaw in the KVM subsystem on the powerpc platform, which allows KVM guest OS users to cause memory corruption on the host. CVE-2021-38160 A flaw in the virtio_console was discovered allowing data corruption or data loss by an untrusted device. CVE-2021-38166 An integer overflow flaw in the BPF subsystem could allow a local attacker able to cause a denial of service or potentially the execution of arbitrary code. This flaw is mitigated by default in Debian as unprivileged calls to bpf() are disabled. CVE-2021-38199 Michael Wakabayashi reported a flaw in the NFSv4 client subsystem where incorrect connection-setup ordering allows operations of a remote NFSv4 server to cause a denial of service (hanging of mounts). CVE-2021-40490 A race condition was discovered in the ext4 subsystem when writing to an inline_data file while its xattrs are changing, which could result in denial of service. CVE-2021-41073 Valentina Palmiotti discovered a flaw in io_uring allowing a local attacker to escalate privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer. For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5.