https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816

[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update

[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update

[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update

https://security.netapp.com/advisory/ntap-20200103-0001/

USN-4414-1

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2019-19318, CVE-2019-19813, CVE-2019-19816

'Team bobfuzzer' reported bugs in Btrfs that could lead to a use-after-free or heap buffer overflow, and could be triggered by crafted filesystem images. A user permitted to mount and access arbitrary filesystems could use these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-27815

A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.

CVE-2020-27825

Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.

CVE-2020-28374

David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.

CVE-2020-29568 (XSA-349)

Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.

CVE-2020-29569 (XSA-350)

Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.

CVE-2020-29660

Jann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.

CVE-2020-29661

Jann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.

CVE-2020-36158

A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.

CVE-2021-3178

&#x5434;&#x5F02; reported an information leak in the NFSv3 server.
When only a subdirectory of a filesystem volume is exported, an NFS client listing the exported directory would obtain a file handle to the parent directory, allowing it to access files that were not meant to be exported.

Even after this update, it is still possible for NFSv3 clients to guess valid file handles and access files outside an exported subdirectory, unless the 'subtree_check' export option is enabled. It is recommended that you do not use that option but only export whole filesystem volumes.

CVE-2021-3347

It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

CVE-2021-26930 (XSA-365)

Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H.
Sch&ouml;nherr discovered that the Xen block backend driver (xen-blkback) did not handle grant mapping errors correctly. A malicious guest could exploit this bug to cause a denial of service (crash), or possibly an information leak or privilege escalation, within the domain running the backend, which is typically dom0.

CVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)

Jan Beulich discovered that the Xen support code and various Xen backend drivers did not handle grant mapping errors correctly. A malicious guest could exploit these bugs to cause a denial of service (crash) within the domain running the backend, which is typically dom0.

CVE-2021-27363

Adam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to transport handle attributes in sysfs. On a system acting as an iSCSI initiator, this is an information leak to local users and makes it easier to exploit CVE-2021-27364.

CVE-2021-27364

Adam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to cause a denial of service (disconnection of storage) or possibly for privilege escalation.

CVE-2021-27365

Adam Nichols reported that the iSCSI initiator subsystem did not correctly limit the lengths of parameters or 'passthrough PDUs' sent through its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to leak the contents of kernel memory, to cause a denial of service (kernel memory corruption or crash), and probably for privilege escalation.

For Debian 9 stretch, these problems have been fixed in version 4.9.258-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4709-1 advisory.

  - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer     dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted     xfs image. This occurs because of a lack of proper validation that cached inodes are free during     allocation. (CVE-2018-13093)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and     then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
    This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in     fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can     cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for     the number of data stripes is mishandled. (CVE-2019-19816)

  - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking     in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal     in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker     has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are     proxied via an attacker-selected backstore. (CVE-2020-28374)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4708-1 advisory.

  - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer     dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted     xfs image. This occurs because of a lack of proper validation that cached inodes are free during     allocation. (CVE-2018-13093)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and     then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
    This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in     fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can     cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for     the number of data stripes is mishandled. (CVE-2019-19816)

  - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked     down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries     platform) a root like local user could use this flaw to further increase their privileges to that of a     running kernel. (CVE-2020-27777)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 4.14.214-118.339. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1477 advisory.

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and     then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
    This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in     fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can     cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for     the number of data stripes is mishandled. (CVE-2019-19816)

  - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are     processing watch events using a single thread. If the events are received faster than the thread is able     to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the     backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)

  - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux     kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.
    However, the handler may not have time to run if the frontend quickly toggles between the states connect     and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving     guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege     escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
    (CVE-2020-29569)

  - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,     aka CID-c8bcd9c5be24. (CVE-2020-29660)

  - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
    (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 4.14.214-160.339. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1588 advisory.

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and     then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
    This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in     fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can     cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for     the number of data stripes is mishandled. (CVE-2019-19816)

  - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are     processing watch events using a single thread. If the events are received faster than the thread is able     to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the     backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)

  - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux     kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.
    However, the handler may not have time to run if the frontend quickly toggles between the states connect     and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving     guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege     escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
    (CVE-2020-29569)

  - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,     aka CID-c8bcd9c5be24. (CVE-2020-29660)

  - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
    (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5995 advisory.

  - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information     disclosure via adjacent access. (CVE-2020-12352)

  - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)

  - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to     potentially enable information disclosure via local access. (CVE-2020-8695)

  - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was     using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of     bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)

  - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users     can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
    (CVE-2020-27673)

  - To fix this vulnerability, update the affected packages: linux linux-esx (CVE-2020-25668)

  - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using     PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of     service. (CVE-2020-25704)

  - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to     read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because     KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can     cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for     the number of data stripes is mishandled. (CVE-2019-19816)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.

CVE-2019-19039

'Team bobfuzzer' reported a bug in Btrfs that could lead to an assertion failure (WARN). A user permitted to mount and access arbitrary filesystems could use this to cause a denial of service (crash) if the panic_on_warn kernel parameter is set.

CVE-2019-19377

'Team bobfuzzer' reported a bug in Btrfs that could lead to a use-after-free. A user permitted to mount and access arbitrary filesystems could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2019-19770

The syzbot tool discovered a race condition in the block I/O tracer (blktrace) that could lead to a system crash. Since blktrace can only be controlled by privileged users, the security impact of this is unclear.

CVE-2019-19816

'Team bobfuzzer' reported a bug in Btrfs that could lead to an out-of-bounds write. A user permitted to mount and access arbitrary filesystems could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-0423

A race condition was discovered in the Android binder driver, that could result in a use-after-free. On systems using this driver, a local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-8694

Multiple researchers discovered that the powercap subsystem allowed all users to read CPU energy meters, by default. On systems using Intel CPUs, this provided a side channel that could leak sensitive information between user processes, or from the kernel to user processes. The energy meters are now readable only by root, by default.

This issue can be mitigated by running :

chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj

This needs to be repeated each time the system is booted with an unfixed kernel version.

CVE-2020-14351

A race condition was discovered in the performance events subsystem, which could lead to a use-after-free. A local user permitted to access performance events could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

Debian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue.

CVE-2020-25656

Yuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with the CAP_SYS_TTY_CONFIG capability could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-25668

Yuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-25669

Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd) that could lead to a use-after-free. On a system using this driver, a local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-25704

kiyin(&#x5C39;&#x4EAE;) discovered a potential memory leak in the performance events subsystem. A local user permitted to access performance events could use this to cause a denial of service (memory exhaustion).

Debian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue.

CVE-2020-25705

Keyu Man reported that strict rate-limiting of ICMP packet transmission provided a side-channel that could help networked attackers to carry out packet spoofing. In particular, this made it practical for off-path networked attackers to 'poison' DNS caches with spoofed responses ('SAD DNS' attack).

This issue has been mitigated by randomising whether packets are counted against the rate limit.

CVE-2020-27673 / XSA-332

Julien Grall from Arm discovered a bug in the Xen event handling code.
Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (excessive CPU usage or hang) in dom0.

CVE-2020-27675 / XSA-331

Jinoh Kang of Theori discovered a race condition in the Xen event handling code. Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (crash) in dom0.

CVE-2020-28941

Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen reader subsystem. Speakup assumed that it would only be bound to one terminal (tty) device at a time, but did not enforce this. A local user could exploit this bug to cause a denial of service (crash or memory exhaustion).

CVE-2020-28974

Yuan Ming discovered a bug in the virtual terminal (vt) driver that could lead to an out-of-bounds read. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could possibly use this to obtain sensitive information from the kernel or to cause a denial of service (crash).

The specific ioctl operation affected by this bug (KD_FONT_OP_COPY) has been disabled, as it is not believed that any programs depended on it.

For Debian 9 stretch, these problems have been fixed in version 4.19.160-2~deb9u1.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the linux package has been released.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

CVE-2019-3874

Kernel buffers allocated by the SCTP network protocol were not limited by the memory cgroup controller. A local user could potentially use this to evade container memory limits and to cause a denial of service (excessive memory use).

CVE-2019-19448, CVE-2019-19813, CVE-2019-19816

'Team bobfuzzer' reported bugs in Btrfs that could lead to a use-after-free or heap buffer overflow, and could be triggered by crafted filesystem images. A user permitted to mount and access arbitrary filesystems could use these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-10781

Luca Bruno of Red Hat discovered that the zram control file /sys/class/zram-control/hot_add was readable by all users. On a system with zram enabled, a local user could use this to cause a denial of service (memory exhaustion).

CVE-2020-12888

It was discovered that the PCIe Virtual Function I/O (vfio-pci) driver allowed users to disable a device's memory space while it was still mapped into a process. On some hardware platforms, local users or guest virtual machines permitted to access PCIe Virtual Functions could use this to cause a denial of service (hardware error and crash).

CVE-2020-14314

A bug was discovered in the ext4 filesystem that could lead to an out-of-bound read. A local user permitted to mount and access arbitrary filesystem images could use this to cause a denial of service (crash).

CVE-2020-14331

A bug was discovered in the VGA console driver's soft-scrollback feature that could lead to a heap buffer overflow. On a system with a custom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-14356

A bug was discovered in the cgroup subsystem's handling of socket references to cgroups. In some cgroup configurations, this could lead to a use-after-free. A local user might be able to use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-14385

A bug was discovered in XFS, which could lead to an extended attribute (xattr) wrongly being detected as invalid. A local user with access to an XFS filesystem could use this to cause a denial of service (filesystem shutdown).

CVE-2020-14386

Or Cohen discovered a bug in the packet socket (AF_PACKET) implementation which could lead to a heap buffer overflow. A local user with the CAP_NET_RAW capability (in any user namespace) could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2020-14390

Minh Yuan discovered a bug in the framebuffer console driver's scrollback feature that could lead to a heap buffer overflow. On a system using framebuffer consoles, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

The scrollback feature has been disabled for now, as no other fix was available for this issue.

CVE-2020-16166

Amit Klein reported that the random number generator used by the network stack might not be re-seeded for long periods of time, making e.g. client port number allocations more predictable. This made it easier for remote attackers to carry out some network- based attacks such as DNS cache poisoning or device tracking.

CVE-2020-25212

A bug was discovered in the NFSv4 client implementation that could lead to a heap buffer overflow. A malicious NFS server could use this to cause a denial of service (crash or memory corruption) or possibly to execute arbitrary code on the client.

CVE-2020-25284

It was discovered that the Rados block device (rbd) driver allowed tasks running as uid 0 to add and remove rbd devices, even if they dropped capabilities. On a system with the rbd driver loaded, this might allow privilege escalation from a container with a task running as root.

CVE-2020-25285

A race condition was discovered in the hugetlb filesystem's sysctl handlers, that could lead to stack corruption. A local user permitted to write to hugepages sysctls could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. By default only the root user can do this.

CVE-2020-25641

The syzbot tool found a bug in the block layer that could lead to an infinite loop. A local user with access to a raw block device could use this to cause a denial of service (unbounded CPU use and possible system hang).

CVE-2020-26088

It was discovered that the NFC (Near Field Communication) socket implementation allowed any user to create raw sockets. On a system with an NFC interface, this allowed local users to evade local network security policy.

For Debian 9 stretch, these problems have been fixed in version 4.19.146-1~deb9u1. This update additionally fixes Debian bugs #966846, #966917, and #968567; and includes many more bug fixes from stable updates 4.19.133-4.19.146 inclusive.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036, CVE-2019-19318, CVE-2019-19813, CVE-2019-19816) It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations.
A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2019-19039).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
147532	Debian DLA-2586-1 : linux security update	Nessus	Debian Local Security Checks	high
145516	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4709-1)	Nessus	Ubuntu Local Security Checks	high
145510	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4708-1)	Nessus	Ubuntu Local Security Checks	high
145458	Amazon Linux AMI : kernel (ALAS-2021-1477)	Nessus	Amazon Linux Local Security Checks	high
145456	Amazon Linux 2 : kernel (ALAS-2021-1588)	Nessus	Amazon Linux Local Security Checks	high
144207	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5995)	Nessus	Oracle Linux Local Security Checks	high
144097	Debian DLA-2483-1 : linux-4.19 security update	Nessus	Debian Local Security Checks	high
141098	Photon OS 2.0: Linux PHSA-2020-2.0-0287	Nessus	PhotonOS Local Security Checks	high
141094	Photon OS 3.0: Linux PHSA-2020-3.0-0145	Nessus	PhotonOS Local Security Checks	high
141091	Photon OS 1.0: Linux PHSA-2020-1.0-0329	Nessus	PhotonOS Local Security Checks	high
140933	Debian DLA-2385-1 : linux-4.19 security update	Nessus	Debian Local Security Checks	high
138139	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4414-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2019-19816

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high