CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10773 – kernel: kernel stack information leak on s390/s390x
https://notcve.org/view.php?id=CVE-2020-10773
10 Sep 2020 — A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. Se encontró un fallo de filtrado de información de la pila en s390/s390x en la funcionalidad del administrador de memoria del kernel de Linux, donde escribe incorrectamente en el archivo /proc/sys/vm/cmm_timeout. Este fallo permite a un usuario local visualizar los datos del kernel • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10773 • CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25221
https://notcve.org/view.php?id=CVE-2020-25221
10 Sep 2020 — get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. La función get_gate_page en el archivo mm/gup.c en el kernel de Linux versiones 5.7.x y versiones 5.8.x anteriores a 5.8.7, permite una esc... • http://www.openwall.com/lists/oss-security/2020/09/10/4 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25220
https://notcve.org/view.php?id=CVE-2020-25220
10 Sep 2020 — The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature. El kernel de Linux versiones 4.9.x anteriores a 4.9.233, versiones 4.14.x anteriores a 4.14.194 y versiones 4.19.x anteriores a 4.19.140, presenta un uso de la memoria previamente liberada porque skcd-)no_refcnt no fue considerado durante un backport de un parche del CVE-2... • https://bugzilla.redhat.com/show_bug.cgi?id=1868453 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-25212 – kernel: TOCTOU mismatch in the NFS client code
https://notcve.org/view.php?id=CVE-2020-25212
09 Sep 2020 — A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Una discrepancia de TOCTOU en el código del cliente NFS en el kernel de Linux versiones anteriores a 5.8.3, podría ser usada por atacantes locales para dañar la memoria o posiblemente tener otro impacto no especificado porque una comprobación de tam... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2020-25211 – kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c
https://notcve.org/view.php?id=CVE-2020-25211
09 Sep 2020 — In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. En el kernel de Linux versiones hasta 5.8.7, los atacantes locales capaces de inyectar la configuración netlink de conntrack podrían desbordar un búfer local, causando bloqueos o desencadenando el uso de números de protocolo... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2020-14386 – kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege
https://notcve.org/view.php?id=CVE-2020-14386
08 Sep 2020 — A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. Una corrupción de la memoria puede ser explotada para conseguir privilegios root de procesos no privilegiados. • https://github.com/cgwalters/cve-2020-14386 • CWE-250: Execution with Unnecessary Privileges CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10781
https://notcve.org/view.php?id=CVE-2020-10781
02 Sep 2020 — A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10781 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 3CVE-2020-14356 – kernel: Use After Free vulnerability in cgroup BPF component
https://notcve.org/view.php?id=CVE-2020-14356
19 Aug 2020 — A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. Se detectó un fallo de desreferencia de puntero null en el subsistema cgroupv2 del kernel de Linux en versiones anteriores a 5.7.10, en la manera de reiniciar el sistema. Un usuario local podría usar este fallo para bloquear el sistema o escalar sus privilegios en el siste... • https://github.com/ShaikUsaf/linux-4.19.72_CVE-2020-14356 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-24394 – kernel: umask not applied on filesystem without ACL support
https://notcve.org/view.php?id=CVE-2020-24394
19 Aug 2020 — In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. En el kernel de Linux versiones anteriores a 5.7.8, el archivo fs/nfsd/vfs.c (en el servidor NFS), puede establecer permisos incorrectos en nuevos objetos de un sistema de archivos cuando el sistema de archivos carece de soporte de ACL, también se conoce como CID-22cf84... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2020-16166 – kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
https://notcve.org/view.php?id=CVE-2020-16166
30 Jul 2020 — The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos d... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •