CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2020-10690 – kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open
https://notcve.org/view.php?id=CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. Se presenta un uso de la memoria previamente liberada en kernel versiones anteriores a 5.5, debido a una condición de carrera entre la liberación de ptp_clock y cdev durante la desasignación de recursos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4419-1 https://access.redhat.com/security/cve/CVE-2020-10690 https://bugzilla.redhat.com/show_bug.cgi?id=1817141 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12657 – kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body
https://notcve.org/view.php?id=CVE-2020-12657
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.5. Se presenta un uso de la memoria previamente liberada en el archivo block/bfq-iosched.c relacionado con la función bfq_idle_slice_timer_body. A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 https://github.com/torvalds/linux/commit/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 https://patchwork.kernel.org/patch/11447049 https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4363-1 https://usn.ubuntu.com/4367-1 https:&# • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12656
https://notcve.org/view.php?id=CVE-2020-12656
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug ** EN DISPUTA ** En la función gss_mech_free en el archivo net/sunrpc/auth_gss/gss_mech_switch.c en la implementación rpcsec_gss_krb5 en el kernel de Linux versiones hasta 5.6.10 carece de ciertas llamadas domain_release, onllevando a una perdida de memoria. Nota: Esto se discutió con la afirmación de que el tema no otorga ningún acceso no disponible. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.kernel.org/show_bug.cgi?id=206651 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12655 – kernel: sync of excessive duration via an XFS v5 image with crafted metadata
https://notcve.org/view.php?id=CVE-2020-12655
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. Se detectó un problema en la función xfs_agf_verify en el archivo fs/xfs/libxfs/xfs_alloc.c en el kernel de Linux versiones hasta 5.6.10. Los atacantes pueden desencadenar una sincronización de duración excesiva por medio de una imagen XFS v5 con metadatos diseñados, también se conoce como CID-d0c7feaf8767. A flaw was discovered in the XFS source in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0c7feaf87678371c2c09b3709400be416b2dc62 https://github.com/torvalds/linux/commit/d0c7feaf87678371c2c09b3709400be416b2dc62 https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.fedoraproject.org/archives/li • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12654 – kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
https://notcve.org/view.php?id=CVE-2020-12654
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. En la función mwifiex_ret_wmm_get_status() en el archivo drivers/net/wireless/marvell/mwifiex/wmm.c permite a un AP remoto desencadenar un desbordamiento del búfer en la región heap de la memoria debido a una memcpy incorrecta, también se conoce como CID-3a9b153c5591. A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.openwall.com/lists/oss-security/2020/05/08/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875 https://github.com/torvalds/linux/commit/3a9b153c5591548612c3955c9600a98150c81875 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •