
CVE-2020-25639 – Ubuntu Security Notice USN-4949-1
https://notcve.org/view.php?id=CVE-2020-25639
15 Jan 2021 — A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Se encontró un fallo de desreferencia del puntero NULL en la funcionalidad del controlador GPU Nouveau del kernel de Linux en versiones anteriores a 5.12-rc1, en la manera en que el usuario llama a ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. Este fallo permite que un usuari... • https://bugzilla.redhat.com/show_bug.cgi?id=1876995 • CWE-476: NULL Pointer Dereference •

CVE-2020-28374 – kernel: SCSI target (LIO) write to any block on ILO backstore
https://notcve.org/view.php?id=CVE-2020-28374
13 Jan 2021 — In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. En el archivo drivers/target/target_core_xcopy.c... • http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2020-27786 – kernel: use-after-free in kernel midi subsystem
https://notcve.org/view.php?id=CVE-2020-27786
11 Dec 2020 — A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementaci... • https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit • CWE-416: Use After Free •

CVE-2020-29660 – kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
https://notcve.org/view.php?id=CVE-2020-29660
09 Dec 2020 — A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Se detectó un problema de inconsistencia de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. Los archivos drivers/tty/tty_io.c y drivers/tty/tty_jobctrl.c pueden permitir un ataque de lectura de la memoria previamente liberada contra TIOCGSID, también se conoc... • http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html • CWE-416: Use After Free CWE-667: Improper Locking •

CVE-2020-27777 – kernel: powerpc: RTAS calls can be used to compromise kernel integrity
https://notcve.org/view.php?id=CVE-2020-27777
05 Dec 2020 — A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Se encontró un fallo en la manera en que RTAS manejaba los accesos a la memoria en el espacio de usuario para la comunicación del kernel. En un sistema invitado bloqueado (generalm... • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 • CWE-862: Missing Authorization •

CVE-2020-25668 – Ubuntu Security Notice USN-4679-1
https://notcve.org/view.php?id=CVE-2020-25668
29 Nov 2020 — A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Se encontró un fallo en el Kernel de Linux porque el acceso a la variable global fg_console no está correctamente sincronizado, conllevando a un uso de la memoria previamente liberada en la función con_font_op It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensit... • https://github.com/hshivhare67/Kernel_4.1.15_CVE-2020-25668 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-662: Improper Synchronization •

CVE-2020-25656 – kernel: use-after-free in read in vt_do_kdgkb_ioctl
https://notcve.org/view.php?id=CVE-2020-25656
29 Nov 2020 — A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux. • https://bugzilla.redhat.com/show_bug.cgi?id=1888726 • CWE-416: Use After Free •

CVE-2020-29370 – openSUSE Security Advisory - openSUSE-SU-2021:0242-1
https://notcve.org/view.php?id=CVE-2020-29370
28 Nov 2020 — An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. Se detectó un problema en la función kmem_cache_alloc_bulk en el archivo mm/slub.c en el kernel de Linux versiones anteriores a 5.5.11. La slowpath carece del incremento de TID requerido, también se conoce como CID-fd4d9c7d0c71 An update that solves 79 vulnerabilities and has 676 fixes is now available. This update syncs the RT kernel from the ... • https://github.com/nanopathi/linux-4.19.72_CVE-2020-29370 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2020-29371 – Ubuntu Security Notice USN-4752-1
https://notcve.org/view.php?id=CVE-2020-29371
28 Nov 2020 — An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. Se detectó un problema en la función romfs_dev_read en el archivo fs/romfs/storage.c en el kernel de Linux versiones anteriores a 5.8.4. Una pérdida de memoria no inicializada en el espacio de usuario, también se conoce como CID-bcf85fcedfdd Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-conne... • https://bugs.chromium.org/p/project-zero/issues/detail?id=2077 • CWE-908: Use of Uninitialized Resource •

CVE-2020-29372 – Kernel Live Patch Security Notice LSN-0075-1
https://notcve.org/view.php?id=CVE-2020-29372
28 Nov 2020 — An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. Se detectó un problema en la función do_madvise en el archivo mm/madvise.c en el kernel de Linux versiones anteriores a 5.6.8. Se presenta una condición de carrera entre las operaciones de volcado de núcleo y la implementación de IORING_OP_MADVISE, también se conoce como CID-bc0c4d1e176e Piotr Krysiuk dis... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •