CVE-2020-24394 – kernel: umask not applied on filesystem without ACL support
https://notcve.org/view.php?id=CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. En el kernel de Linux versiones anteriores a 5.7.8, el archivo fs/nfsd/vfs.c (en el servidor NFS), puede establecer permisos incorrectos en nuevos objetos de un sistema de archivos cuando el sistema de archivos carece de soporte de ACL, también se conoce como CID-22cf8419f131. Esto ocurre porque no es considerada la umask actual. A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 https://security.netapp.com/advisory/ntap-20200904-0003 https://usn.ubuntu.com/4465-1 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 https://www.orac • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-16166 – kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
https://notcve.org/view.php?id=CVE-2020-16166
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos drivers/char/random.c y kernel/time/timer.c A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html https://arxiv.org/pdf/2012.07432.pdf https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638 https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://lists.debian& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVE-2020-10766 – kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
https://notcve.org/view.php?id=CVE-2020-10766
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo de bug lógico en el kernel de Linux versiones anteriores a 5.8-rc1, en la implementación de SSBD. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10766 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbbe2ad02e9df26e372f38cc3e70dab9222c832e https://access.redhat.com/security/cve/CVE-2020-10766 https://bugzilla.redhat.com/show_bug.cgi?id=1845840 • CWE-440: Expected Behavior Violation •
CVE-2020-10768 – kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
https://notcve.org/view.php?id=CVE-2020-10768
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.8-rc1 en la función prctl(), donde puede ser usado para habilitar la especulación de rama indirecta después de haber sido deshabilitada. Esta llamada reporta incorrectamente que está "force disabled" cuando no lo está y abre el sistema a ataques de Spectre v2. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf https://access.redhat.com/security/cve/CVE-2020-10768 https://bugzilla.redhat.com/show_bug.cgi?id=1845868 • CWE-440: Expected Behavior Violation •
CVE-2020-10767 – kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available.
https://notcve.org/view.php?id=CVE-2020-10767
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.8-rc1, en la implementación de la Enhanced IBPB (Indirect Branch Prediction Barrier). • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada https://access.redhat.com/security/cve/CVE-2020-10767 https://bugzilla.redhat.com/show_bug.cgi?id=1845867 • CWE-440: Expected Behavior Violation •