Description:
Summary: The remote host is missing an update for the Debian 'linux' package(s) announced via the DLA-1799-1 advisory.
Vulnerability Insight: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2018-5995
ADLab of VenusTech discovered that the kernel logged the virtual addresses assigned to per-CPU data, which could make it easier to exploit other vulnerabilities.
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Multiple researchers have discovered vulnerabilities in the way that Intel processor designs implement speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system, or across guest/host boundaries to read host memory. See [link moved to references] for more details. To fully resolve these vulnerabilities it is also necessary to install updated CPU microcode. An updated intel-microcode package (only available in Debian non-free) was provided via DLA-1789-1. The updated CPU microcode may also be available as part of a system firmware ('BIOS') update.
CVE-2019-2024
A use-after-free bug was discovered in the em28xx video capture driver. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.
CVE-2019-3459, CVE-2019-3460
Shlomi Oberman, Yuli Shapiro, and Karamba Security Ltd. research team discovered missing range checks in the Bluetooth L2CAP implementation. If Bluetooth is enabled, a nearby attacker could use these to read sensitive information from the kernel.
CVE-2019-3882
It was found that the vfio implementation did not limit the number of DMA mappings to device memory. A local user granted ownership of a vfio device could use this to cause a denial of service (out-of-memory condition).
CVE-2019-3901
Jann Horn of Google reported a race condition that would allow a local user to read performance events from a task after it executes a setuid program. This could leak sensitive information processed by setuid programs. Debian's kernel configuration does not allow unprivileged users to access performance events by default, which fully mitigates this issue.
CVE-2019-6133
Jann Horn of Google found that PolicyKit's authentication check could be bypassed by a local user creating a process with the same start time and process ID as an older authenticated process. PolicyKit was already updated to fix this in DLA-1644-1. The kernel has additionally been updated to avoid a delay between assigning start time and process ID, which should make the attack impractical.
CVE-2019-9503
Hugues Anguelkov and others at Quarkslab discovered that the brcmfmac (Broadcom wifi FullMAC) driver did not correctly distinguish messages sent by the wifi firmware from other packets. An attacker using the same wifi network could use this for ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS: 'linux' package(s) on Debian 8.
Solution: Please install the updated package(s).
CVSS Score: 7.9
CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C