Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892114
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for linux-4.9 (DLA-2114-1)
Summary:The remote host is missing an update for the 'linux-4.9'; package(s) announced via the DLA-2114-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-4.9'
package(s) announced via the DLA-2114-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2018-13093, CVE-2018-13094

Wen Xu from SSLab at Gatech reported several NULL pointer
dereference flaws that may be triggered when mounting and
operating a crafted XFS volume. An attacker able to mount
arbitrary XFS volumes could use this to cause a denial of service
(crash).

CVE-2018-20976

It was discovered that the XFS file-system implementation did not
correctly handle some mount failure conditions, which could lead
to a use-after-free. The security impact of this is unclear.

CVE-2018-21008

It was discovered that the rsi wifi driver did not correctly
handle some failure conditions, which could lead to a use-after-
free. The security impact of this is unclear.

CVE-2019-0136

It was discovered that the wifi soft-MAC implementation (mac80211)
did not properly authenticate Tunneled Direct Link Setup (TDLS)
messages. A nearby attacker could use this for denial of service
(loss of wifi connectivity).

CVE-2019-2215

The syzkaller tool discovered a use-after-free vulnerability in
the Android binder driver. A local user on a system with this
driver enabled could use this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.
However, this driver is not enabled on Debian packaged kernels.

CVE-2019-10220

Various developers and researchers found that if a crafted file-
system or malicious file server presented a directory with
filenames including a '/' character, this could confuse and
possibly defeat security checks in applications that read the
directory.

The kernel will now return an error when reading such a directory,
rather than passing the invalid filenames on to user-space.

CVE-2019-14615

It was discovered that Intel 9th and 10th generation GPUs did not
clear user-visible state during a context switch, which resulted
in information leaks between GPU tasks. This has been mitigated
in the i915 driver.

The affected chips (gen9 and gen10) are listed at
<

CVE-2019-14814, CVE-2019-14815, CVE-2019-14816

Multiple bugs were discovered in the mwifiex wifi driver, which
could lead to heap buffer overflows. A local user permitted to
configure a device handled by this driver could probably use this
for privilege escalation.

CVE-2019-14895, CVE-2019-14901

ADLab of Venustech discovered potential heap buffer overflows in
the mwifiex wifi driver. On systems using this driver, a
malicious Wireless Access Point or adhoc/P2P peer could use these
to cause a denial of service (memory corruption or crash) or
possibly for remote code ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux-4.9' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
4.9.210-1~
deb8u1. This update additionally fixes Debian bugs
#869511 and 945023, and includes many more bug fixes from stable
updates 4.9.190-4.9.210 inclusive.

We recommend that you upgrade your linux-4.9 packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0136
BugTraq ID: 108777
http://www.securityfocus.com/bid/108777
http://jvn.jp/en/jp/JVN75617741/index.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4145-1/
https://usn.ubuntu.com/4147-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-2215
Bugtraq: 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) (Google Search)
https://seclists.org/bugtraq/2019/Nov/11
http://seclists.org/fulldisclosure/2019/Oct/38
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
https://usn.ubuntu.com/4186-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.