Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for linux-4.19 (DLA-2690-1)
Summary:The remote host is missing an update for the 'linux-4.19'; package(s) announced via the DLA-2690-1 advisory.
The remote host is missing an update for the 'linux-4.19'
package(s) announced via the DLA-2690-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service, or information leaks.

CVE-2020-24586, CVE-2020-24587, CVE-2020-26147

Mathy Vanhoef discovered that many Wi-Fi implementations,
including Linux's mac80211, did not correctly implement reassembly
of fragmented packets. In some circumstances, an attacker within
range of a network could exploit these flaws to forge arbitrary
packets and/or to access sensitive data on that network.


Mathy Vanhoef discovered that most Wi-Fi implementations,
including Linux's mac80211, did not authenticate the 'is
aggregated' packet header flag. An attacker within range of a
network could exploit this to forge arbitrary packets on that

CVE-2020-25670, CVE-2020-25671, CVE-2021-23134

kiyin of TenCent discovered several reference counting bugs
in the NFC LLCP implementation which could lead to use-after-free.
A local user could exploit these for denial of service (crash or
memory corruption) or possibly for privilege escalation.

Nadav Markus and Or Cohen of Palo Alto Networks discovered that
the original fixes for these introduced a new bug that could
result in use-after-free and double-free. This has also been


kiyin of TenCent discovered a memory leak in the NFC LLCP
implementation. A local user could exploit this for denial of
service (memory exhaustion).


Mathy Vanhoef discovered that a bug in some Wi-Fi implementations,
including Linux's mac80211. When operating in AP mode, they would
forward EAPOL frames from one client to another while the sender
was not yet authenticated. An attacker within range of a network
could use this for denial of service or as an aid to exploiting
other vulnerabilities.

CVE-2020-26558, CVE-2021-0129

Researchers at ANSSI discovered vulnerabilities in the Bluetooth
Passkey authentication method, and in Linux's implementation of
it. An attacker within range of two Bluetooth devices while they
pair using Passkey authentication could exploit this to obtain the
shared secret (Passkey) and then impersonate either of the devices
to each other.


Jann Horn of Google reported a flaw in Linux's virtual memory
management. A parent and child process initially share all their
memory, but when either writes to a shared page, the page is
duplicated and unshared (copy-on-write). However, in case an
operation such as vmsplice() required the kernel to take an
additional reference to a shared page, and a copy-on-write occurs
during this operation, the kernel might have accessed the wrong ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux-4.19' package(s) on Debian Linux.

For Debian 9 stretch, these problems have been fixed in version
deb9u1. This update additionally fixes Debian bug
#986949, #988352, and #989451, and includes many more bug fixes from
stable updates 4.19.182-4.19.194 inclusive.

We recommend that you upgrade your linux-4.19 packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-0129
Common Vulnerability Exposure (CVE) ID: CVE-2021-3483
Common Vulnerability Exposure (CVE) ID: CVE-2021-3506
Common Vulnerability Exposure (CVE) ID: CVE-2021-3564
Common Vulnerability Exposure (CVE) ID: CVE-2021-3573
Common Vulnerability Exposure (CVE) ID: CVE-2021-3587
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.