CVSS: 7.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-11884 – Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2020-11884
28 Apr 2020 — In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_... • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2019-20636 – kernel: out-of-bounds write via crafted keycode table
https://notcve.org/view.php?id=CVE-2019-20636
08 Apr 2020 — In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. En el kernel de Linux versiones anteriores a 5.4.12, el archivo drivers/input/input.c presenta escrituras fuera de límites por medio de una tabla de códigos clave diseñada, como es demostrado en la función input_set_keycode, también se conoce como CID-cb222aed03d7. An out-of-bounds write flaw was found in the Linux kernel. A crafted keycod... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 22%CPEs: 52EXPL: 7CVE-2020-8835 – Linux kernel bpf verifier vulnerability
https://notcve.org/view.php?id=CVE-2020-8835
30 Mar 2020 — In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) En el kernel de Linux versiones 5.5.0 y más recientes, el verificador bpf (ker... • https://github.com/zilong3033/CVE-2020-8835 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 63EXPL: 0CVE-2020-8832 – Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615
https://notcve.org/view.php?id=CVE-2020-8832
17 Mar 2020 — The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 ("El kernel de Linux no borró apropiadamente las estructura... • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •