CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 0CVE-2020-16166 – kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
https://notcve.org/view.php?id=CVE-2020-16166
30 Jul 2020 — The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos d... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 2CVE-2020-10757 – kernel: kernel: DAX hugepages not considered during mremap
https://notcve.org/view.php?id=CVE-2020-10757
09 Jun 2020 — A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Se encontró un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manejó DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema A flaw was found in the way mre... • https://github.com/ShaikUsaf/linux-4.19.72_CVE-2020-10757 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12888 – Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
https://notcve.org/view.php?id=CVE-2020-12888
15 May 2020 — The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado. A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory ad... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12770 – kernel: sg_write function lacks an sg_remove_request call in a certain failure case
https://notcve.org/view.php?id=CVE-2020-12770
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, también se conoce como CID-83c6f2390040. A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and spe... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-10933 – ruby: BasicSocket#read_nonblock method leads to information disclosure
https://notcve.org/view.php?id=CVE-2020-10933
04 May 2020 — An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. Se descubrió un problema en Ruby versiones 2.5.x hasta 2.5.7, versiones 2.6.x hasta 2.6.5, y versión 2.7.0. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 7.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-11884 – Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2020-11884
28 Apr 2020 — In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_... • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •
CVSS: 8.8EPSS: 23%CPEs: 52EXPL: 7CVE-2020-8835 – Linux kernel bpf verifier vulnerability
https://notcve.org/view.php?id=CVE-2020-8835
30 Mar 2020 — In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) En el kernel de Linux versiones 5.5.0 y más recientes, el verificador bpf (ker... • https://github.com/zilong3033/CVE-2020-8835 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 2CVE-2020-9391
https://notcve.org/view.php?id=CVE-2020-9391
25 Feb 2020 — An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. Se detectó un problema en el kernel de Linux versión 5.4 y versiones 5.5 hasta 5.5.6 sobre la arquitectura AArch64. Ignora el byte s... • http://www.openwall.com/lists/oss-security/2020/02/25/6 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
24 Feb 2020 — In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegio... • http://seclists.org/fulldisclosure/2020/May/49 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19769 – Ubuntu Security Notice USN-4369-1
https://notcve.org/view.php?id=CVE-2019-19769
12 Dec 2019 — In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). En el kernel de Linux versión 5.3.10, se presenta un uso de la memoria previamente liberada en la función perf_trace_lock_acquire (relacionada con el archivo include/trace/events/lock.h). It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially... • https://bugzilla.kernel.org/show_bug.cgi?id=205705 • CWE-416: Use After Free •