Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892420
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for linux (DLA-2420-1)
Summary:The remote host is missing an update for the 'linux'; package(s) announced via the DLA-2420-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the DLA-2420-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service or information leaks.

CVE-2019-9445

A potential out-of-bounds read was discovered in the F2FS
implementation. A user permitted to mount and access arbitrary
filesystems could potentially use this to cause a denial of
service (crash) or to read sensitive information.

CVE-2019-19073, CVE-2019-19074

Navid Emamdoost discovered potential memory leaks in the ath9k and
ath9k_htc drivers. The security impact of these is unclear.

CVE-2019-19448

'Team bobfuzzer' reported a bug in Btrfs that could lead to a
use-after-free, and could be triggered by crafted filesystem
images. A user permitted to mount and access arbitrary
filesystems could use this to cause a denial of service (crash or
memory corruption) or possibly for privilege escalation.

CVE-2020-12351

Andy Nguyen discovered a flaw in the Bluetooth implementation in
the way L2CAP packets with A2MP CID are handled. A remote attacker
within a short distance, knowing the victim's Bluetooth device
address, can send a malicious l2cap packet and cause a denial of
service or possibly arbitrary code execution with kernel
privileges.

CVE-2020-12352

Andy Nguyen discovered a flaw in the Bluetooth implementation.
Stack memory is not properly initialised when handling certain AMP
packets. A remote attacker within a short distance, knowing the
victim's Bluetooth device address address, can retrieve kernel
stack information.

CVE-2020-12655

Zheng Bin reported that crafted XFS volumes could trigger a system
hang. An attacker able to mount such a volume could use this to
cause a denial of service.

CVE-2020-12771

Zhiqiang Liu reported a bug in the bcache block driver that could
lead to a system hang. The security impact of this is unclear.

CVE-2020-12888

It was discovered that the PCIe Virtual Function I/O (vfio-pci)
driver allowed users to disable a device's memory space while it
was still mapped into a process. On some hardware platforms,
local users or guest virtual machines permitted to access PCIe
Virtual Functions could use this to cause a denial of service
(hardware error and crash).

CVE-2020-14305

Vasily Averin of Virtuozzo discovered a potential heap buffer
overflow in the netfilter nf_contrack_h323 module. When this
module is used to perform connection tracking for TCP/IPv6, a
remote attacker could use this to cause a denial of service (crash
or memory corruption) or possibly for remote code execution with
kernel privilege.

CVE-2020-14314

A bug was discovered in the ext4 filesystem that could lead to an
out ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
4.9.240-1. This update additionally includes many more bug fixes from
stable updates 4.9.229-4.9.240 inclusive.

We recommend that you upgrade your linux packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9445
https://source.android.com/security/bulletin/pixel/2019-09-01
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://usn.ubuntu.com/4526-1/
https://usn.ubuntu.com/4527-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.