---

Debian Releases New Linux Kernel Security Update for Debian 10 and Debian 9

Five security vulnerabilities have been fixed in this new Linux kernel security update for Debian GNU/Linux 10 “Buster” and Debian GNU/Linux 9 “Stretch” operating system series, including a backporting error (CVE-2019-15902) reported by Brad Spengler, which reintroduced a Spectre V1 vulnerability in Linux kernel’s ptrace subsystem, in the ptrace_get_debugreg() function. Also fixed is a race condition (CVE-2019-14821) discovered by Matt Delco in KVM’s coalesced MMIO facility, which could allow a local attacker with access to /dev/kvm to escalate his/her privileges or cause memory corruption or system crash, as well as a missing bounds check (CVE-2019-15117) discovered by Hui Peng and Mathias Payer in usb-audio driver’s descriptor parsing code, which could let an attacker that can add USB devices to cause a system crash.