Debian Security Advisory DSA-4941-1 linux

English

Debian security advisory DSA-4941-1 linux.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian security advisory DSA-4941-1 linux.

Package: linux
CVE ID:

  • CVE-2020-36311
  • CVE-2021-3609
  • CVE-2021-33909
  • CVE-2021-34693

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2020-36311:
A flaw was discovered in the KVM subsystem for AMD CPUs, allowing an attacker to cause a denial of service by triggering destruction of a large SEV VM.

CVE-2021-3609:
Norbert Slusarek reported a race condition vulnerability in the CAN BCM networking protocol, allowing a local attacker to escalate privileges.

CVE-2021-33909:
The Qualys Research Labs discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer. An unprivileged local attacker able to create, mount, and then delete a deep directory structure whose total path length exceeds 1GB, can take advantage of this flaw for privilege escalation.

Details can be found in the Qualys advisory at:
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege...

CVE-2021-34693:
Norbert Slusarek discovered an information leak in the CAN BCM networking protocol. A local attacker can take advantage of this flaw to obtain sensitive information from kernel stack memory.

For the stable distribution Debian 10 "Buster", these problems have been fixed in version 4.19.194-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page.

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.

 

Limited Time Offers

Coming soon...