CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2020-29368 – kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
https://notcve.org/view.php?id=CVE-2020-29368
28 Nov 2020 — An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. Se detectó un problema en la función __split_huge_pmd en el archivo mm/huge_memory.c en el kernel de Linux versiones anteriores a 5.7.5. La implementación copy-on-write puede otorgar acceso de escritura no previsto debido a una condición de carrera en una comprobación de ... • https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 1%CPEs: 45EXPL: 0CVE-2020-13143 – Debian Security Advisory 4698-1
https://notcve.org/view.php?id=CVE-2020-13143
18 May 2020 — gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. En la función gadget_dev_desc_UDC_store en el archivo drivers/usb/gadget/configfs.c en el kernel de Linux versión 3.16 hasta la versión 5.6.13, se basa en kstrdup sin considerar la posibilidad de un valor "\0" interno, lo que permite a atacantes desenca... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12888 – Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
https://notcve.org/view.php?id=CVE-2020-12888
15 May 2020 — The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado. A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory ad... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12770 – kernel: sg_write function lacks an sg_remove_request call in a certain failure case
https://notcve.org/view.php?id=CVE-2020-12770
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, también se conoce como CID-83c6f2390040. A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and spe... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 1CVE-2020-12771 – Ubuntu Security Notice USN-4463-1
https://notcve.org/view.php?id=CVE-2020-12771
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operación de coalescencia. Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html • CWE-667: Improper Locking •
CVSS: 7.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-11884 – Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2020-11884
28 Apr 2020 — In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_... • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •
CVSS: 7.0EPSS: 1%CPEs: 31EXPL: 4CVE-2019-18683 – Slackware Security Advisory - Slackware 14.2 kernel Updates
https://notcve.org/view.php?id=CVE-2019-18683
04 Nov 2019 — An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corres... • https://github.com/sanjana123-cloud/CVE-2019-18683 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 8.1EPSS: 1%CPEs: 13EXPL: 4CVE-2019-17498 – libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c
https://notcve.org/view.php?id=CVE-2019-17498
21 Oct 2019 — In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. En libssh2 versión v1.9.0 y anteriores, la lógica de la función SSH_MSG_DISCONNECT en el archivo packet.c presenta un desbordam... • https://packetstorm.news/files/id/172835 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL
https://notcve.org/view.php?id=CVE-2019-11068
10 Apr 2019 — libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 4%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •