CVE-2020-11609
https://notcve.org/view.php?id=CVE-2020-11609
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. Se detectó un problema en el subsistema stv06xx en el kernel de Linux versiones anteriores a 5.6.1. Los archivos drivers/media/usb/gspca/stv06xx/stv06xx.c y drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c manejan inapropiadamente los descriptores no válidos, como es demostrado por una desreferencia del puntero NULL, también se conoce como CID-485b06aadb93. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205 https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-476: NULL Pointer Dereference •
CVE-2020-11608 – kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
https://notcve.org/view.php?id=CVE-2020-11608
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.1. El archivo drivers/media/usb/gspca/ov519.c, permite desreferencias del puntero NULL en las funciones ov511_mode_init_regs y ov518_mode_init_regs cuando hay cero endpoints, también se conoce como CID-998912346c0d. A flaw was found in the way the ov519 driver in the Linux kernel handled certain types of USB descriptors. This flaw allows an attacker with the ability to induce the error conditions to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30 https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-476: NULL Pointer Dereference •
CVE-2020-11565 – kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2020-11565
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” ** EN DISPUTA ** Se detectó un problema en el kernel de Linux versiones hasta 5.6.2. La función mpol_parse_str en el archivo mm/mempolicy.c presenta una escritura fuera de límites en la región stack de la memoria porque una lista de nodos vacía es manejada inapropiadamente durante el análisis de la opción de montaje, también se conoce como CID-aa9f7d5172fa. NOTA: Alguien en la comunidad de seguridad no está de acuerdo en que se trata de una vulnerabilidad porque el problema "es un error en el análisis de las opciones de montaje que sólo puede ser especificado por un usuario privilegiado, por lo que la activación del error no otorga ningún poder que no se tenga ya". An out-of-bounds write flaw was found in the Linux kernel. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://usn.ubuntu.com/4363-1 https://usn.ubuntu.com/4364-1 https://usn.ubuntu.com/4367-1 https: • CWE-787: Out-of-bounds Write •
CVE-2020-10942 – kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
https://notcve.org/view.php?id=CVE-2020-10942
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. En el kernel de Linux versiones anteriores a 5.5.8, la función get_raw_socket en el archivo drivers/vhost/net.c carece de una comprobación de un campo sk_family, que podría permitir a atacantes desencadenar una corrupción de pila del kernel por medio de llamadas de sistema diseñadas. A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ictol(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel resulting in DoS issue. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.openwall.com/lists/oss-security/2020/04/15/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lkml.org/lkm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2011-0699
https://notcve.org/view.php?id=CVE-2011-0699
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. Un error en la propiedad signedness de enteros en la función btrfs_ioctl_space_info en el kernel de Linux versión 2.6.37, permite a usuarios locales causar una denegación de servicio (desbordamiento de búfer basado en la región heap de la memoria) o posiblemente tener otro impacto no especificado por medio de un valor de slot diseñado. • http://marc.info/?l=linux-kernel&m=129726078708425&w=2 http://marc.info/?l=oss-security&m=129726743519620&w=2 http://vulnfactory.org/vulns https://github.com/BlankOn/linux-debian/blob/master/debian/changelog.BlankOn • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •