CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12770 – kernel: sg_write function lacks an sg_remove_request call in a certain failure case
https://notcve.org/view.php?id=CVE-2020-12770
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, también se conoce como CID-83c6f2390040. A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and spe... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 1CVE-2020-12771
https://notcve.org/view.php?id=CVE-2020-12771
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operación de coalescencia. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html • CWE-667: Improper Locking •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 2CVE-2019-20794
https://notcve.org/view.php?id=CVE-2019-20794
09 May 2020 — An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. Se detectó un problema en el kernel de Linux versiones 4.18 hasta 5.6... • http://www.openwall.com/lists/oss-security/2020/08/24/1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2020-10690 – kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open
https://notcve.org/view.php?id=CVE-2020-10690
08 May 2020 — There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointe... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 1CVE-2020-12659 – kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption
https://notcve.org/view.php?id=CVE-2020-12659
05 May 2020 — An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.7. En la función xdp_umem_reg en el archivo net/xdp/xdp_umem.c se presenta una escritura fuera de límites (por un usuario con la capacidad CAP_NET_ADMIN) debido a una falta de comprobación del headroom. An out-of-bounds (OOB) memory... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12657 – kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body
https://notcve.org/view.php?id=CVE-2020-12657
05 May 2020 — An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.5. Se presenta un uso de la memoria previamente liberada en el archivo block/bfq-iosched.c relacionado con la función bfq_idle_slice_timer_body. A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12656
https://notcve.org/view.php?id=CVE-2020-12656
05 May 2020 — gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they li... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12655 – kernel: sync of excessive duration via an XFS v5 image with crafted metadata
https://notcve.org/view.php?id=CVE-2020-12655
05 May 2020 — An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. Se detectó un problema en la función xfs_agf_verify en el archivo fs/xfs/libxfs/xfs_alloc.c en el kernel de Linux versiones hasta 5.6.10. Los atacantes pueden desencadenar una sincronización de duración excesiva por medio de una imagen XFS v5 con metadatos diseñados, también se conoce com... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12654 – kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
https://notcve.org/view.php?id=CVE-2020-12654
05 May 2020 — An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. En la función mwifiex_ret_wmm_get_status() en el archivo drivers/net/wireless/marvell/mwifiex/wmm.c permite a un AP remoto desencadenar un desbordamiento del búfer en la región heap de la memoria debi... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2020-12653 – kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2020-12653
05 May 2020 — An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. La función mwifiex_cmd_append_vsie_tlv() en el archivo drivers/net/wireless/marvell/mwifiex/scan.c permite a usuarios locales alcanzar privilegios o causar u... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •