The Debian Project today released a new Linux kernel security update for its stable Debian GNU/Linux 10 “Buster” operating system series to address several vulnerabilities and some bugs.
The new Linux kernel update for Debian GNU/Linux 10 fixes no fewer than 11 security vulnerabilities, including CVE-2020-28374, a critical flaw discovered by David Disseldorp in the Linux kernel’s LIO SCSI target implementation that allows a remote attacker with access to at least one iSCSI LUN in a multiple backstore environment to expose sensitive information or modify data.
The update likewise addresses CVE-2020-36158, a buffer overflow flaw discovered in the mwifiex Wi-Fi driver that could allow remote attackers to execute arbitrary code via a long SSID value.
Also fixed in this new Debian kernel security update is CVE-2021-20177, a flaw discovered in the Linux kernel’s implementation of string matching within a packet, which could allow a user with root or CAP_NET_ADMIN privileges to cause a kernel panic when inserting iptables rules, as well as CVE-2020-27825, a use-after-free flaw found in the ftrace ring buffer resizing logic, which could result in denial of service or information leak.
Two other use-after-free flaws were fixed: CVE-2020-29569, discovered by Olivier Benjamin and Pawel Wieczorkiewicz in the Linux kernel through 5.10.1, which allows a misbehaving guest to trigger a dom0 crash by continuously connecting and disconnecting a block frontend, and CVE-2021-3347, discovered in the Linux kernel through 5.10.11, which allows an unprivileged user to crash the kernel or escalate their privileges.