The new Linux kernel update for Debian GNU/Linux 10 is here to fix no less than 11 security vulnerabilities. Key among these is CVE-2020-28374, a critical flaw discovered by David Disseldorp in Linux kernel's LIO SCSI target implementation. Unaddressed, the flaw could allow a remote attacker with access to at least one iSCSI LUN in a multiple backstore environment to expose sensitive information or modify data. Same goes for CVE-2020-36158, a buffer overflow flaw discovered in the mwifiex Wi-Fi driver that could allow remote attackers to execute arbitrary code via a long SSID value.
Unaddressed, the flaw could allow a remote attacker to expose sensitive information or modify data.