CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2020-24490 – kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events
https://notcve.org/view.php?id=CVE-2020-24490
20 Oct 2020 — Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Unas restricciones de búfer inapropiadas en BlueZ pueden permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio de un acceso adyacente. Esto afecta a todas las versiones del kernel de Linux que admiten BlueZ A heap buffer overflow flaw was found in the way the Linux kerne... • https://github.com/AbrarKhan/linux_CVE-2020-24490-beforePatch • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 3CVE-2020-12351 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12351
20 Oct 2020 — Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Una comprobación de entrada incorrecta en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso adyacente A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channe... • https://www.exploit-db.com/exploits/49754 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2020-12352 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12352
20 Oct 2020 — Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso adyacente An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. Th... • https://www.exploit-db.com/exploits/49754 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-27194
https://notcve.org/view.php?id=CVE-2020-27194
16 Oct 2020 — An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. Se detectó un problema en el kernel de Linux versiones anteriores a 5.8.15. La función scalar32_min_max_or en el archivo kernel/bpf/verifier.c, maneja inapropiadamente el seguimiento de límites durante el uso de valores de 64 bits, también se conoce como CID-5b9fbeb75b6a • https://github.com/xmzyshypnc/CVE-2020-27194 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-16120 – Unprivileged overlay + shiftfs read access
https://notcve.org/view.php?id=CVE-2020-16120
14 Oct 2020 — Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify perm... • https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2020-25645 – kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
https://notcve.org/view.php?id=CVE-2020-25645
13 Oct 2020 — A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando I... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25641 – kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
https://notcve.org/view.php?id=CVE-2020-25641
06 Oct 2020 — A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la implementación de biovecs del kernel de Linux en versione... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-25643 – kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
https://notcve.org/view.php?id=CVE-2020-25643
06 Oct 2020 — A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de corrupción de la memoria en el kernel de Linux en versiones anteriores a 5.9-rc7, en el módulo HDLC_PPP en la... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26541 – kernel: security bypass in certs/blacklist.c and certs/system_keyring.c
https://notcve.org/view.php?id=CVE-2020-26541
02 Oct 2020 — The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. El kernel de Linux versiones hasta 5.8.13, no aplica apropiadamente el mecanismo de protección Secure Boot Forbidden Signature Database (también se conoce como dbx). Esto afecta a los archivos certs/blacklist.c y certs/system_keyring.c A flaw was found in the Linux kernel in certs/blacklist.c, When signature ent... • https://lkml.org/lkml/2020/9/15/1871 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-26088
https://notcve.org/view.php?id=CVE-2020-26088
24 Sep 2020 — A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Una falta de comprobación de CAP_NET_RAW en la creación de sockets NFC en el archivo net/nfc/rawsock.c en el Kernel de Linux versiones anteriores a 5.8.2, podría ser usada por unos atacantes locales para crear sockets sin procesar, omitiendo los mecanismos de seguridad, también se conoce como CID-... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-276: Incorrect Default Permissions •