CVE-2020-14305 – kernel: memory corruption in Voice over IP nf_conntrack_h323 module
https://notcve.org/view.php?id=CVE-2020-14305
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de escritura de memoria fuera de límites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 del kernel de Linux, manejaba las conexiones en el puerto ipv6 1720. Este fallo permite a un usuario remoto no autenticado bloquear el sistema, causando una denegación de servicio. • https://bugs.openvz.org/browse/OVZ-7188 https://bugzilla.redhat.com/show_bug.cgi?id=1850716 https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com https://security.netapp.com/advisory/ntap-20201210-0004 https://access.redhat.com/security/cve/CVE-2020-14305 • CWE-787: Out-of-bounds Write •
CVE-2020-29370
https://notcve.org/view.php?id=CVE-2020-29370
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. Se detectó un problema en la función kmem_cache_alloc_bulk en el archivo mm/slub.c en el kernel de Linux versiones anteriores a 5.5.11. La slowpath carece del incremento de TID requerido, también se conoce como CID-fd4d9c7d0c71 • https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 https://security.netapp.com/advisory/ntap-20201218-0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-15436 – kernel: use-after-free in fs/block_dev.c
https://notcve.org/view.php?id=CVE-2020-15436
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. La vulnerabilidad de tipo use-after-free en el archivo fs/block_dev.c en el kernel de Linux versiones anteriores a 5.8, permite a usuarios locales obtener privilegios o causar una denegación de servicio al aprovechar el acceso inapropiado a un determinado campo de error A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. • https://lkml.org/lkml/2020/6/7/379 https://security.netapp.com/advisory/ntap-20201218-0002 https://access.redhat.com/security/cve/CVE-2020-15436 https://bugzilla.redhat.com/show_bug.cgi?id=1901168 • CWE-416: Use After Free •
CVE-2020-25692 – openldap: NULL pointer dereference for unauthenticated packet in slapd
https://notcve.org/view.php?id=CVE-2020-25692
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. Se encontró una desreferencia de puntero NULL en el servidor OpenLDAP y se corrigió en openldap versión 2.4.55, durante una petición para cambiar el nombre de los RDN. Un atacante no autenticado podría bloquear remotamente el proceso slapd al enviar una petición especialmente diseñada, causando una Denegación de Servicio A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1894567 https://security.netapp.com/advisory/ntap-20210108-0006 https://access.redhat.com/security/cve/CVE-2020-25692 • CWE-476: NULL Pointer Dereference •
CVE-2020-25221
https://notcve.org/view.php?id=CVE-2020-25221
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. La función get_gate_page en el archivo mm/gup.c en el kernel de Linux versiones 5.7.x y versiones 5.8.x anteriores a 5.8.7, permite una escalada de privilegios debido al conteo de referencias incorrecto (causado por el manejo inapropiado de una página de puerta) de la página de estructura que respalda la página vsyscall. El resultado es un subdesbordamiento del conteo. • http://www.openwall.com/lists/oss-security/2020/09/10/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 https://security.netapp.com/advisory/ntap-20201001-0003 https://www.openwall.com/lists/oss-security/2020/09/08/4 • CWE-672: Operation on a Resource after Expiration or Release •