CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11725
https://notcve.org/view.php?id=CVE-2020-11725
12 Apr 2020 — snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have be... • https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11669 – kernel: powerpc: guest can cause DoS on POWER9 KVM hosts
https://notcve.org/view.php?id=CVE-2020-11669
10 Apr 2020 — An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Se detectó un problema en el kernel de Linux versiones anteriores a 5.2, en la plataforma powerpc. El archivo arch/powerpc/kernel/idle_book3s.S no posee la funcionalidad de guardar y restaurar para PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR y PNV_POWERSAVE_AMOR, también ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-393: Return of Wrong Status Code •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11668 – kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c
https://notcve.org/view.php?id=CVE-2020-11668
09 Apr 2020 — In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. En el archivo drivers/media/usb/gspca/xirlink_cit.c de kernel de Linux versiones anteriores a 5.6.1, (también se conoce como el controlador USB de la cámara Xirlink) maneja inapropiadamente los descriptores no válidos, también se conoce como CID-a246b4d54770. A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' i... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2019-20636 – kernel: out-of-bounds write via crafted keycode table
https://notcve.org/view.php?id=CVE-2019-20636
08 Apr 2020 — In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. En el kernel de Linux versiones anteriores a 5.4.12, el archivo drivers/input/input.c presenta escrituras fuera de límites por medio de una tabla de códigos clave diseñada, como es demostrado en la función input_set_keycode, también se conoce como CID-cb222aed03d7. An out-of-bounds write flaw was found in the Linux kernel. A crafted keycod... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 • CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11609 – Debian Security Advisory 4698-1
https://notcve.org/view.php?id=CVE-2020-11609
07 Apr 2020 — An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. Se detectó un problema en el subsistema stv06xx en el kernel de Linux versiones anteriores a 5.6.1. Los archivos drivers/media/usb/gspca/stv06xx/stv06xx.c y drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c manejan inapropiadamente los... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11608 – kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
https://notcve.org/view.php?id=CVE-2020-11608
07 Apr 2020 — An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.1. El archivo drivers/media/usb/gspca/ov519.c, permite desreferencias del puntero NULL en las funciones ov511_mode_init_regs y ov518_mode_init_regs cuando hay cero endpoints, también se conoce como CID-998912346c0d.... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-11565 – kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2020-11565
06 Apr 2020 — An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” ** EN DISPUTA ** Se detectó un problema en... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 1CVE-2020-10942 – kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
https://notcve.org/view.php?id=CVE-2020-10942
24 Mar 2020 — In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. En el kernel de Linux versiones anteriores a 5.5.8, la función get_raw_socket en el archivo drivers/vhost/net.c carece de una comprobación de un campo sk_family, que podría permitir a atacantes desencadenar una corrupción de pila del kernel por medio de llamadas de sistema diseñadas. A stack buffer overflow is... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8992 – Ubuntu Security Notice USN-4419-1
https://notcve.org/view.php?id=CVE-2020-8992
14 Feb 2020 — ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. La función ext4_protect_reserved_inode en el archivo fs/ext4/block_validity.c en el kernel de Linux versiones hasta 5.5.3, permite a atacantes causar una denegación de servicio (soft lockup) por medio de un journal size diseñado. It was discovered that a race condition existed in the Precision Time Protocol implementation in the Lin... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0810 – kernel-rt: stack corruption when task gets scheduled out using the debug stack
https://notcve.org/view.php?id=CVE-2012-0810
12 Feb 2020 — The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. El manejador int3 en el kernel de Linux versiones anteriores a 3.3, se basa en una pila de depuración por CPU, que permite a usuarios locales causar una denegación de servicio (corrupción de pila y pánico) por medio de una aplicación diseñada que desencadena determinada contención d... • https://bugzilla.redhat.com/show_bug.cgi?id=794557 • CWE-400: Uncontrolled Resource Consumption •