Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  - CVE-2018-20836     chenxiang reported a race condition in libsas, the     kernel subsystem supporting Serial Attached SCSI (SAS)     devices, which could lead to a use-after-free. It is not     clear how this might be exploited.

  - CVE-2019-1125     It was discovered that most x86 processors could     speculatively skip a conditional SWAPGS instruction used     when entering the kernel from user mode, and/or could     speculatively execute it when it should be skipped. This     is a subtype of Spectre variant 1, which could allow     local users to obtain sensitive information from the     kernel or other processes. It has been mitigated by     using memory barriers to limit speculative execution.
    Systems using an i386 kernel are not affected as the     kernel does not use SWAPGS.

  - CVE-2019-1999     A race condition was discovered in the Android binder     driver, which could lead to a use-after-free. If this     driver is loaded, a local user might be able to use this     for denial-of-service (memory corruption) or for     privilege escalation.

  - CVE-2019-10207     The syzkaller tool found a potential null dereference in     various drivers for UART-attached Bluetooth adapters. A     local user with access to a pty device or other suitable     tty device could use this for denial-of-service     (BUG/oops).

  - CVE-2019-10638     Amit Klein and Benny Pinkas discovered that the     generation of IP packet IDs used a weak hash function,     'jhash'. This could enable tracking individual computers     as they communicate with different remote servers and     from different networks. The 'siphash' function is now     used instead.

  - CVE-2019-12817     It was discovered that on the PowerPC (ppc64el)     architecture, the hash page table (HPT) code did not     correctly handle fork() in a process with memory mapped     at addresses above 512 TiB. This could lead to a     use-after-free in the kernel, or unintended sharing of     memory between user processes. A local user could use     this for privilege escalation. Systems using the radix     MMU, or a custom kernel with a 4 KiB page size, are not     affected.

  - CVE-2019-12984     It was discovered that the NFC protocol implementation     did not properly validate a netlink control message,     potentially leading to a NULL pointer dereference. A     local user on a system with an NFC interface could use     this for denial-of-service (BUG/oops).

  - CVE-2019-13233     Jann Horn discovered a race condition on the x86     architecture, in use of the LDT. This could lead to a     use-after-free. A local user could possibly use this for     denial-of-service.

  - CVE-2019-13631     It was discovered that the gtco driver for USB input     tablets could overrun a stack buffer with constant data     while parsing the device's descriptor. A physically     present user with a specially constructed USB device     could use this to cause a denial-of-service (BUG/oops),     or possibly for privilege escalation.

  - CVE-2019-13648     Praveen Pandey reported that on PowerPC (ppc64el)     systems without Transactional Memory (TM), the kernel     would still attempt to restore TM state passed to the     sigreturn() system call. A local user could use this for     denial-of-service (oops).

  - CVE-2019-14283     The syzkaller tool found a missing bounds check in the     floppy disk driver. A local user with access to a floppy     disk device, with a disk present, could use this to read     kernel memory beyond the I/O buffer, possibly obtaining     sensitive information.

  - CVE-2019-14284     The syzkaller tool found a potential division-by-zero in     the floppy disk driver. A local user with access to a     floppy disk device could use this for denial-of-service     (oops).

Detections

Analytics

Debian DSA-4495-1 : linux - security update

high Nessus Plugin ID 127491

Version 1.4

Version 1.3

Version 1.4 May 7, 2024, 10:55 AM CVSSv2 score source (set to "CVE-2018-20836") Plugin Feed: 202405071055
Version 1.3 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916