CVE-2020-10768 – kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
https://notcve.org/view.php?id=CVE-2020-10768
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.8-rc1 en la función prctl(), donde puede ser usado para habilitar la especulación de rama indirecta después de haber sido deshabilitada. Esta llamada reporta incorrectamente que está "force disabled" cuando no lo está y abre el sistema a ataques de Spectre v2. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf https://access.redhat.com/security/cve/CVE-2020-10768 https://bugzilla.redhat.com/show_bug.cgi?id=1845868 • CWE-440: Expected Behavior Violation •
CVE-2020-10767 – kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available.
https://notcve.org/view.php?id=CVE-2020-10767
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.8-rc1, en la implementación de la Enhanced IBPB (Indirect Branch Prediction Barrier). • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada https://access.redhat.com/security/cve/CVE-2020-10767 https://bugzilla.redhat.com/show_bug.cgi?id=1845867 • CWE-440: Expected Behavior Violation •
CVE-2019-20908 – kernel: lockdown: bypass through ACPI write via efivar_ssdt
https://notcve.org/view.php?id=CVE-2019-20908
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. Se detectó un problema en el archivo drivers/firmware/efi/efi.c en el kernel de Linux versiones anteriores a 5.4. Permisos de acceso incorrectos para la variable efivar_ssdt ACPI podrían ser usados por atacantes para omitir el bloqueo o asegurar las restricciones de arranque, también se conoce como CID-1957a85b0032 A flaw was found in how the ACPI table loading through the EFI variable (and the related efivar_ssdt boot option) was handled when the Linux kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://www.openwall.com/lists/oss-security/2020/07/20/6 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2020/07/30/2 http://www.openwall.com/lists/oss-security/2020/07/30/3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aa • CWE-284: Improper Access Control •
CVE-2020-15780 – kernel: lockdown: bypass through ACPI write via acpi_configfs
https://notcve.org/view.php?id=CVE-2020-15780
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Se detectó un problema en el archivo drivers/acpi/acpi_configfs.c en el kernel de Linux versiones anteriores a 5.7.7. Una inyección de tablas ACPI maliciosas por medio de configfs podría ser usada por atacantes para omitir el bloqueo y asegurar las restricciones de arranque, también se conoce como CID-75b0cea7bf30 A flaw was found in how the ACPI table loading through acpi_configfs was handled when the kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. • https://github.com/Annavid/CVE-2020-15780-exploit http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html http://www.openwall.com/lists/oss-security/2020/07/20/7 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2020/07/30/2 http://www.openwall.com/lists/oss-security/2020/07/30/3 https://cdn.kernel.org/pub/linux/kernel • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVE-2020-10720 – kernel: use-after-free read in napi_gro_frags() in the Linux kernel
https://notcve.org/view.php?id=CVE-2020-10720
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. Se encontró un fallo en la implementación de GRO del kernel de Linux en versiones anteriores a 5.2. Este fallo permite a un atacante con acceso local bloquear el sistema A flaw was found in the Linux kernel’s implementation of GRO. This flaw allows an attacker with local access to crash the system. • https://bugzilla.redhat.com/show_bug.cgi?id=1781204 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4270d6795b0580287453ea55974d948393e66ef https://access.redhat.com/security/cve/CVE-2020-10720 • CWE-416: Use After Free •