-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3225
                           linux security update
                             27 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-41073 CVE-2021-40490 CVE-2021-38199
                   CVE-2021-38166 CVE-2021-38160 CVE-2021-37576
                   CVE-2021-3753 CVE-2021-3743 CVE-2021-3739
                   CVE-2021-3732 CVE-2021-3679 CVE-2021-3656
                   CVE-2021-3653 CVE-2020-16119 CVE-2020-3702

Reference:         ESB-2021.3185
                   ESB-2021.3070
                   ESB-2021.3017

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4978

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4978-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 25, 2021                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 
                 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 
                 CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 
                 CVE-2021-38199 CVE-2021-40490 CVE-2021-41073
Debian Bug     : 993948 993978

Several vulnerabilities have been discovered in the Linux kernel
that may lead to a privilege escalation, denial of service or
information leaks.

CVE-2020-3702

    A flaw was found in the driver for Atheros IEEE 802.11n family of
    chipsets (ath9k) allowing information disclosure.

CVE-2020-16119

    Hadar Manor reported a use-after-free in the DCCP protocol
    implementation in the Linux kernel. A local attacker can take
    advantage of this flaw to cause a denial of service or potentially
    to execute arbitrary code.

CVE-2021-3653

    Maxim Levitsky discovered a vulnerability in the KVM hypervisor
    implementation for AMD processors in the Linux kernel: Missing
    validation of the `int_ctl` VMCB field could allow a malicious L1
    guest to enable AVIC support (Advanced Virtual Interrupt Controller)
    for the L2 guest. The L2 guest can take advantage of this flaw to
    write to a limited but still relatively large subset of the host
    physical memory.

CVE-2021-3656

    Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM
    hypervisor implementation for AMD processors in the Linux kernel.
    Missing validation of the the `virt_ext` VMCB field could allow a
    malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS
    (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,
    the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus
    read/write portions of the host's physical memory.

CVE-2021-3679

    A flaw in the Linux kernel tracing module functionality could allow
    a privileged local user (with CAP_SYS_ADMIN capability) to cause a
    denial of service (resource starvation).

CVE-2021-3732

    Alois Wohlschlager reported a flaw in the implementation of the
    overlayfs subsystem, allowing a local attacker with privileges to
    mount a filesystem to reveal files hidden in the original mount.

CVE-2021-3739

    A NULL pointer dereference flaw was found in the btrfs filesystem,
    allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a
    denial of service.

CVE-2021-3743

    An out-of-bounds memory read was discovered in the Qualcomm IPC
    router protocol implementation, allowing to cause a denial of
    service or information leak.

CVE-2021-3753

    Minh Yuan reported a race condition in the vt_k_ioctl in
    drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds
    read in vt.

CVE-2021-37576

    Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem
    on the powerpc platform, which allows KVM guest OS users to cause
    memory corruption on the host.

CVE-2021-38160

    A flaw in the virtio_console was discovered allowing data corruption
    or data loss by an untrusted device.

CVE-2021-38166

    An integer overflow flaw in the BPF subsystem could allow a local
    attacker to cause a denial of service or potentially the execution
    of arbitrary code. This flaw is mitigated by default in Debian as
    unprivileged calls to bpf() are disabled.

CVE-2021-38199

    Michael Wakabayashi reported a flaw in the NFSv4 client
    implementation, where incorrect connection setup ordering allows
    operations of a remote NFSv4 server to cause a denial of service.

CVE-2021-40490

    A race condition was discovered in the ext4 subsystem when writing
    to an inline_data file while its xattrs are changing. This could
    result in denial of service.

CVE-2021-41073

    Valentina Palmiotti discovered a flaw in io_uring allowing a local
    attacker to escalate privileges.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.46-5. This update includes fixes for #993948 and #993978.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmFO2GNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TnbQ/8C5VZ8M2c1r7inKdf/JxcNqAgmquOVo/Ib9Ei17r+7/IXa4mo/FCz4xOb
V68lNhqA43GJPWGHcj8mndVfkTHnn0PRekd5oPoKTdo4fJS0JEipUvNM3W+ukYVo
eJi9+rV6fLmA9w0TTLqRaAZG1jjHxKqNo0XjbwGMhM8+hp5grAGuZrNfQ8mJk/CX
RM8PyeWFTkio0eVr5G4wgxSDLJeg3Aa9azYvfXhgZ8OCl1ArSgLN3xhHqfuXFPAN
F2i8ZRSwwlFtkea/Zm1eet+uwEs3Mz0pCXxBApITIaPh8Zo1Lj/0u8BBQqbGTuiF
6JNYnZc6TZ16DI3M8/a4x8sjG/C4Q6D+rOTpfaoydz4kcGEFWZC7/L9Y0wmd11da
a4OIQq56Kk1bYI+G/7hl6BstLZxaqY/mafshV+nhQIzOBMBo35/r6Coz7AQUSJ5R
vpPv1CKSwwki9zic0aegXZRUd0SJAyNEOqpvDSlT0hy2nNlnYFKIAySlFv68Lz9M
RO/t4qFaKz07UdrNqN7E6qXZ6TZ18cIw2SQiozcR7g3CQ5WrBErxibkvmM4vHDgp
/AlmxCuiTNtBdwGNlcT16kCbvyQLx3wSzisUBceIQqb/XTw9Ti2ctDWgYStsscSC
LaEFBjJhYxBvDhnav4P2ZpHni5C1J/KS3qiR6wCEBTh4Qy5dYjo=
=L0c4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYVEeTeNLKJtyKPYoAQi4CA/7BceeUvI+ByV3pb0yL/6hMdahCG4aZ5or
Mk2JSC6TzxzcQwFaDZnawxBMDQB3C3XAO/+5ach6tIQt31xM0wKcT+skXSbgAWEt
X0LOcvBKsUW/ziiH28d4otGrf3oNHB3OmnuueYqMW7+NHhZmPqtMvtypHy5jbafv
gmg4LqP1uWbByD0Pp5YyvX1Xz7x3XITKyERhFsyU5vQNVpwjNpbgihqbPrCRcj96
0+S972IQDWynLbibsMNC7YVRQ555nvMRfEYcHMRXl9PZlHuhOUmFhDqzlR797qx3
SH+m/ce7HkcsWpdqDjUd7+XXcg40hgWOqBcW7BTafDF7WgSC+BKZCD8kXuEdZuen
ig+Vw1oxCJ3vZ7GeTklvRamBes4xsIb3pNNNS8DAi12iKyCbCdhF+P8RqIZqaBsq
pXBd6lyegdTveuv0xRN7PBYt9c2Zn33SEsG5C+NzlbL8jaeCYFRzjAG4631t/MJ5
+6HTxVqE662G/+JsVxYH3UP1JB7SOGBGZsvWlzLjNuVALjL6STqft8e6Fo2FrtXt
rCguOasN1oXg11XxYWtCmyZIDWGVsh/ZkTQee9ylz2w8mAeXcCx9Wh5Ge31QWghy
zuekSpIKuaY9OmIOBR2dXqHWOSfcUo/vmobTjIThDtMOUrbkHFkve1iwiQQBIh1U
iuKoUKCK+ic=
=QFIv
-----END PGP SIGNATURE-----