CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 2CVE-2020-25668
https://notcve.org/view.php?id=CVE-2020-25668
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Se encontró un fallo en el Kernel de Linux porque el acceso a la variable global fg_console no está correctamente sincronizado, conllevando a un uso de la memoria previamente liberada en la función con_font_op • http://www.openwall.com/lists/oss-security/2020/10/30/1 http://www.openwall.com/lists/oss-security/2020/11/04/3 https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://security.netapp.com/advisory/ntap-20210702-0005 https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-662: Improper Synchronization •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 2CVE-2020-27777 – kernel: powerpc: RTAS calls can be used to compromise kernel integrity
https://notcve.org/view.php?id=CVE-2020-27777
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Se encontró un fallo en la manera en que RTAS manejaba los accesos a la memoria en el espacio de usuario para la comunicación del kernel. En un sistema invitado bloqueado (generalmente debido al arranque seguro) que se ejecuta en la parte superior de los hipervisores PowerVM o KVM (plataforma pseries), un usuario root como local podría usar este fallo para aumentar aún más sus privilegios a los de un kernel en ejecución A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764 https://www.openwall.com/lists/oss-security/2020/10/09/1 https://www.openwall.com/lists/oss-security/2020/11/23/2 https://access.redhat.com/security/cve/CVE-2020-27777 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 3CVE-2020-27786 – kernel: use-after-free in kernel midi subsystem
https://notcve.org/view.php?id=CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementación de MIDI en el kernel de Linux, donde un atacante con una cuenta local y los permisos para emitir comandos ioctl a dispositivos midi podría desencadenar un problema de uso después de la liberación. Una escritura en esta memoria específica mientras está liberada y antes de su uso hace que el flujo de ejecución cambie y posiblemente permita la corrupción de memoria o la escalada de privilegios. • https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit https://github.com/elbiazo/CVE-2020-27786 https://github.com/ii4gsp/CVE-2020-27786 http://www.openwall.com/lists/oss-security/2020/12/03/1 https://bugzilla.redhat.com/show_bug.cgi?id=1900933 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d https://security.netapp.com/advisory/ntap-20210122-0002 https://access.redhat.com/security/cve/CVE-2020-27786 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 19EXPL: 2CVE-2020-29660 – kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
https://notcve.org/view.php?id=CVE-2020-29660
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Se detectó un problema de inconsistencia de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. Los archivos drivers/tty/tty_io.c y drivers/tty/tty_jobctrl.c pueden permitir un ataque de lectura de la memoria previamente liberada contra TIOCGSID, también se conoce como CID-c8bcd9c5be24 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel. A local user could use this flaw to read numerical value from memory after free. • http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html http://www.openwall.com/lists/oss-security/2020/12/10/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9 https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6X • CWE-416: Use After Free CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-14381 – kernel: referencing inode of removed superblock in get_futex_key() causes UAF
https://notcve.org/view.php?id=CVE-2020-14381
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementación de futex del kernel de Linux. Este fallo permite a un atacante local corromper la memoria del sistema o aumentar sus privilegios al crear un futex en un sistema de archivos que está a punto de ser desmontado. • https://bugzilla.redhat.com/show_bug.cgi?id=1874311 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254 https://access.redhat.com/security/cve/CVE-2020-14381 • CWE-416: Use After Free •