Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.704698
Category:Debian Local Security Checks
Title:Debian: Security Advisory for linux (DSA-4698-1)
Summary:The remote host is missing an update for the 'linux'; package(s) announced via the DSA-4698-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the DSA-4698-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2019-2182
Hanjun Guo and Lei Li reported a race condition in the arm64
virtual memory management code, which could lead to an information
disclosure, denial of service (crash), or possibly privilege
escalation.

CVE-2019-5108
Mitchell Frank of Cisco discovered that when the IEEE 802.11
(WiFi) stack was used in AP mode with roaming, it would trigger
roaming for a newly associated station before the station was
authenticated. An attacker within range of the AP could use this
to cause a denial of service, either by filling up a switching
table or by redirecting traffic away from other stations.

CVE-2019-19319
Jungyeon discovered that a crafted filesystem can cause the ext4
implementation to deallocate or reallocate journal blocks. A user
permitted to mount filesystems could use this to cause a denial of
service (crash), or possibly for privilege escalation.

CVE-2019-19462The syzbot tool found a missing error check in the relay

library used to implement various files under debugfs. A local
user permitted to access debugfs could use this to cause a denial
of service (crash) or possibly for privilege escalation.

CVE-2019-19768
Tristan Madani reported a race condition in the blktrace debug
facility that could result in a use-after-free. A local user able
to trigger removal of block devices could possibly use this to
cause a denial of service (crash) or for privilege escalation.

CVE-2019-20806
A potential null pointer dereference was discovered in the tw5864
media driver. The security impact of this is unclear.

CVE-2019-20811
The Hulk Robot tool found a reference-counting bug in an error
path in the network subsystem. The security impact of this is
unclear.

CVE-2020-0543
Researchers at VU Amsterdam discovered that on some Intel CPUs
supporting the RDRAND and RDSEED instructions, part of a random
value generated by these instructions may be used in a later
speculative execution on any core of the same physical CPU.
Depending on how these instructions are used by applications, a
local user or VM guest could use this to obtain sensitive
information such as cryptographic keys from other users or VMs.

This vulnerability can be mitigated by a microcode update, either
as part of system firmware (BIOS) or through the intel-microcode
package in Debian's non-free archive section. This kernel update
only provides reporting of the vulnerability and the option to
disable the mitigation if it is not needed.

CVE-2020-2732
Paulo Bonzini discovered that the KVM implementa ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux' package(s) on Debian Linux.

Solution:
For the oldstable distribution (stretch), these problems have been
fixed in version 4.9.210-1+deb9u1. This version also fixes some
related bugs that do not have their own CVE IDs, and a regression in
the macvlan driver introduced in the previous point release (bug

We recommend that you upgrade your linux packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-2182
Debian Security Information: DSA-4698 (Google Search)
https://www.debian.org/security/2020/dsa-4698
https://source.android.com/security/bulletin/pixel/2019-09-01
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-5108
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://usn.ubuntu.com/4285-1/
https://usn.ubuntu.com/4286-1/
https://usn.ubuntu.com/4286-2/
https://usn.ubuntu.com/4287-1/
https://usn.ubuntu.com/4287-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-0543
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
http://www.openwall.com/lists/oss-security/2020/07/14/5
SuSE Security Announcement: openSUSE-SU-2020:0818 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html
SuSE Security Announcement: openSUSE-SU-2020:0965 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html
SuSE Security Announcement: openSUSE-SU-2020:0985 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html
https://usn.ubuntu.com/4385-1/
https://usn.ubuntu.com/4387-1/
https://usn.ubuntu.com/4388-1/
https://usn.ubuntu.com/4389-1/
https://usn.ubuntu.com/4390-1/
https://usn.ubuntu.com/4391-1/
https://usn.ubuntu.com/4392-1/
https://usn.ubuntu.com/4393-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-2732
Debian Security Information: DSA-4667 (Google Search)
https://www.debian.org/security/2020/dsa-4667
https://bugzilla.redhat.com/show_bug.cgi?id=1805135
https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
https://linux.oracle.com/errata/ELSA-2020-5540.html
https://linux.oracle.com/errata/ELSA-2020-5542.html
https://linux.oracle.com/errata/ELSA-2020-5543.html
https://www.openwall.com/lists/oss-security/2020/02/25/3
https://www.spinics.net/lists/kvm/msg208259.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-8428
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6
https://www.openwall.com/lists/oss-security/2020/01/28/2
http://www.openwall.com/lists/oss-security/2020/01/28/4
http://www.openwall.com/lists/oss-security/2020/02/02/1
SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
https://usn.ubuntu.com/4318-1/
https://usn.ubuntu.com/4319-1/
https://usn.ubuntu.com/4320-1/
https://usn.ubuntu.com/4324-1/
https://usn.ubuntu.com/4325-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8647
https://bugzilla.kernel.org/show_bug.cgi?id=206359
SuSE Security Announcement: openSUSE-SU-2020:0388 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-8648
https://bugzilla.kernel.org/show_bug.cgi?id=206361
https://usn.ubuntu.com/4342-1/
https://usn.ubuntu.com/4344-1/
https://usn.ubuntu.com/4345-1/
https://usn.ubuntu.com/4346-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8649
https://bugzilla.kernel.org/show_bug.cgi?id=206357
Common Vulnerability Exposure (CVE) ID: CVE-2020-9383
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.