Debian DSA-4843-1 : linux - security update

high Nessus Plugin ID 146052

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

- CVE-2020-27815: A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.

- CVE-2020-27825: Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.

- CVE-2020-27830: Shisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.

- CVE-2020-28374: David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.

- CVE-2020-29568 (XSA-349): Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.

- CVE-2020-29569 (XSA-350): Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.

- CVE-2020-29660: Jann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.

- CVE-2020-29661: Jann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.

- CVE-2020-36158: A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.

- CVE-2021-3347: It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

- CVE-2021-20177: A flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.

Solution

Upgrade the linux packages.

For the stable distribution (buster), these problems have been fixed in version 4.19.171-2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970736

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972345

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977048

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977615

https://security-tracker.debian.org/tracker/CVE-2020-27815

https://security-tracker.debian.org/tracker/CVE-2020-27825

https://security-tracker.debian.org/tracker/CVE-2020-27830

https://security-tracker.debian.org/tracker/CVE-2020-28374

https://security-tracker.debian.org/tracker/CVE-2020-29568

https://security-tracker.debian.org/tracker/CVE-2020-29569

https://security-tracker.debian.org/tracker/CVE-2020-29660

https://security-tracker.debian.org/tracker/CVE-2020-29661

https://security-tracker.debian.org/tracker/CVE-2020-36158

https://security-tracker.debian.org/tracker/CVE-2021-3347

https://security-tracker.debian.org/tracker/CVE-2021-20177

https://security-tracker.debian.org/tracker/source-package/linux

https://packages.debian.org/source/buster/linux

https://www.debian.org/security/2021/dsa-4843

Plugin Details

Severity: High

ID: 146052

File Name: debian_DSA-4843.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2/2/2021

Updated: 2/8/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2021-3347

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/1/2021

Vulnerability Publication Date: 12/9/2020

Reference Information

CVE: CVE-2020-27815, CVE-2020-27825, CVE-2020-27830, CVE-2020-28374, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661, CVE-2020-36158, CVE-2021-20177, CVE-2021-3347

DSA: 4843