Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for linux-4.9 (DLA-2242-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'linux-4.9' package(s) announced via the DLA-2242-1 advisory.
Insight
Insight
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19462 The syzbot tool found a missing error check in the 'relay' library used to implement various files under debugfs. A local user permitted to access debugfs could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2019-19768 Tristan Madani reported a race condition in the blktrace debug facility that could result in a use-after-free. A local user able to trigger removal of block devices could possibly use this to cause a denial of service (crash) or for privilege escalation. CVE-2019-20806 A potential null pointer dereference was discovered in the tw5864 media driver. The security impact of this is unclear. CVE-2019-20811 The Hulk Robot tool found a reference-counting bug in an error path in the network subsystem. The security impact of this is unclear. CVE-2020-0543 Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU. Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian's non-free archive section. This kernel update only provides reporting of the vulnerability and the option to disable the mitigation if it is not needed. CVE-2020-2732 Paulo Bonzini discovered that the KVM implemen ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'linux-4.9' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 4.9.210-1+deb9u1~deb8u1. This version also fixes some related bugs that do not have their own CVE IDs, and a regression in the macvlan driver introduced in the previous security update (bug #952660). We recommend that you upgrade your linux-4.9 packages.
Common Vulnerabilities and Exposures (CVE)
- CVE-2019-19319
- CVE-2019-19462
- CVE-2019-19768
- CVE-2019-20806
- CVE-2019-20811
- CVE-2019-2182
- CVE-2019-5108
- CVE-2020-0543
- CVE-2020-10711
- CVE-2020-10732
- CVE-2020-10751
- CVE-2020-10757
- CVE-2020-10942
- CVE-2020-11494
- CVE-2020-11565
- CVE-2020-11608
- CVE-2020-11609
- CVE-2020-11668
- CVE-2020-12114
- CVE-2020-12464
- CVE-2020-12652
- CVE-2020-12653
- CVE-2020-12654
- CVE-2020-12770
- CVE-2020-13143
- CVE-2020-2732
- CVE-2020-8428
- CVE-2020-8647
- CVE-2020-8648
- CVE-2020-8649
- CVE-2020-9383