CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2020-25645 – kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
https://notcve.org/view.php?id=CVE-2020-25645
13 Oct 2020 — A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando I... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25641 – kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
https://notcve.org/view.php?id=CVE-2020-25641
06 Oct 2020 — A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la implementación de biovecs del kernel de Linux en versione... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26541 – kernel: security bypass in certs/blacklist.c and certs/system_keyring.c
https://notcve.org/view.php?id=CVE-2020-26541
02 Oct 2020 — The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. El kernel de Linux versiones hasta 5.8.13, no aplica apropiadamente el mecanismo de protección Secure Boot Forbidden Signature Database (también se conoce como dbx). Esto afecta a los archivos certs/blacklist.c y certs/system_keyring.c A flaw was found in the Linux kernel in certs/blacklist.c, When signature ent... • https://lkml.org/lkml/2020/9/15/1871 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 1%CPEs: 11EXPL: 1CVE-2020-14305 – kernel: memory corruption in Voice over IP nf_conntrack_h323 module
https://notcve.org/view.php?id=CVE-2020-14305
30 Sep 2020 — An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de escritura de memoria fuera de límites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 de... • https://bugs.openvz.org/browse/OVZ-7188 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-26088 – Ubuntu Security Notice USN-4578-1
https://notcve.org/view.php?id=CVE-2020-26088
24 Sep 2020 — A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Una falta de comprobación de CAP_NET_RAW en la creación de sockets NFC en el archivo net/nfc/rawsock.c en el Kernel de Linux versiones anteriores a 5.8.2, podría ser usada por unos atacantes locales para crear sockets sin procesar, omitiendo los mecanismos de seguridad, también se conoce como CID-... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-276: Incorrect Default Permissions •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14390 – Ubuntu Security Notice USN-4658-2
https://notcve.org/view.php?id=CVE-2020-14390
18 Sep 2020 — A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se encontró un fallo en el kernel de Linux en las versiones anteriores a 5.9-rc6. Cuando se cambia el tamaño de la pantalla, puede ocurrir una escritura de memoria fuera de límites conllevando a una corrupción de la memoria o una denegación de serv... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14385 – kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt
https://notcve.org/view.php?id=CVE-2020-14385
15 Sep 2020 — A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-25284 – kernel: incomplete permission checking for access to rbd devices
https://notcve.org/view.php?id=CVE-2020-25284
13 Sep 2020 — The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. El controlador de dispositivo del bloque rbd en el archivo drivers/block/rbd.c en el kernel de Linux versiones hasta 5.8.9, usaba una comprobación incompleta de permisos para acceder a dispositivos rbd, que podrían ser aprovechados por atacantes locales para asig... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25285 – kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2020-25285
13 Sep 2020 — A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. Una condición de carrera entre los manejadores hugetlb sysctl en el archivo mm/hugetlb.c en el kernel de Linux versiones anteriores a 5.8.8, podría ser usada por atacantes locales para corromper la memoria, causar una desreferencia del puntero NULL o posiblemente... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-25212 – kernel: TOCTOU mismatch in the NFS client code
https://notcve.org/view.php?id=CVE-2020-25212
09 Sep 2020 — A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Una discrepancia de TOCTOU en el código del cliente NFS en el kernel de Linux versiones anteriores a 5.8.3, podría ser usada por atacantes locales para dañar la memoria o posiblemente tener otro impacto no especificado porque una comprobación de tam... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •