Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for linux-4.9 (DLA-2114-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'linux-4.9' package(s) announced via the DLA-2114-1 advisory.
Insight
Insight
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-13093, CVE-2018-13094 Wen Xu from SSLab at Gatech reported several NULL pointer dereference flaws that may be triggered when mounting and operating a crafted XFS volume. An attacker able to mount arbitrary XFS volumes could use this to cause a denial of service (crash). CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-2215 The syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver enabled could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, this driver is not enabled on Debian packaged kernels. CVE-2019-10220 Various developers and researchers found that if a crafted file- system or malicious file server presented a directory with filenames including a '/' character, this could confuse and possibly defeat security checks in applications that read the directory. The kernel will now return an error when reading such a directory, rather than passing the invalid filenames on to user-space. CVE-2019-14615 It was discovered that Intel 9th and 10th generation GPUs did not clear user-visible state during a context switch, which resulted in information leaks between GPU tasks. This has been mitigated in the i915 driver. The affected chips (gen9 and gen10) are listed at < CVE-2019-14814, CVE-2019-14815, CVE-2019-14816 Multiple bugs were discovered in the mwifiex wifi driver, which could lead to heap buffer overflows. A local user permitted to configure a device handled by this driver could probably use this for privilege escalation. CVE-2019-14895, CVE-2019-14901 ADLab of Venustech discovered potential heap buffer overflows in the mwifiex wifi driver. On systems using this driver, a malicious Wireless Access Point or adhoc/P2P peer could use these to cause a denial of service (memory corruption or crash) or possibly for remote code ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'linux-4.9' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 4.9.210-1~deb8u1. This update additionally fixes Debian bugs #869511 and 945023, and includes many more bug fixes from stable updates 4.9.190-4.9.210 inclusive. We recommend that you upgrade your linux-4.9 packages.
Common Vulnerabilities and Exposures (CVE)
- CVE-2018-13093
- CVE-2018-13094
- CVE-2018-20976
- CVE-2018-21008
- CVE-2019-0136
- CVE-2019-10220
- CVE-2019-14615
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14895
- CVE-2019-14896
- CVE-2019-14897
- CVE-2019-14901
- CVE-2019-15098
- CVE-2019-15217
- CVE-2019-15291
- CVE-2019-15505
- CVE-2019-15917
- CVE-2019-16746
- CVE-2019-17052
- CVE-2019-17053
- CVE-2019-17054
- CVE-2019-17055
- CVE-2019-17056
- CVE-2019-17075
- CVE-2019-17133
- CVE-2019-17666
- CVE-2019-18282
- CVE-2019-18683
- CVE-2019-18809
- CVE-2019-19037
- CVE-2019-19051
- CVE-2019-19052
- CVE-2019-19056
- CVE-2019-19057
- CVE-2019-19062
- CVE-2019-19066
- CVE-2019-19068
- CVE-2019-19227
- CVE-2019-19332
- CVE-2019-19447
- CVE-2019-19523
- CVE-2019-19524
- CVE-2019-19525
- CVE-2019-19527
- CVE-2019-19530
- CVE-2019-19531
- CVE-2019-19532
- CVE-2019-19533
- CVE-2019-19534
- CVE-2019-19535
- CVE-2019-19536
- CVE-2019-19537
- CVE-2019-19767
- CVE-2019-19947
- CVE-2019-19965
- CVE-2019-20096
- CVE-2019-2215