CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12652
https://notcve.org/view.php?id=CVE-2020-12652
05 May 2020 — The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." La función __mptctl_ioctl en el archivo drivers/message/fusion/mpt... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12114 – kernel: DoS by corrupting mountpoint reference counter
https://notcve.org/view.php?id=CVE-2020-12114
04 May 2020 — A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. Una condición de carrera en la función pivot_root en el archivo fs/namespace.c en el kernel de Linux versiones 4.4.x anteriores a la versión 4.4.221, versiones 4.9.x anteriores a la versión 4.9.221, versiones 4.14.x anteriores a la v... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2020-12465 – kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c
https://notcve.org/view.php?id=CVE-2020-12465
29 Apr 2020 — An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. Se descubrió un desbordamiento de matriz en la función mt76_add_fragment en el archivo drivers/net/wireless/mediatek/mt76/dma.c en el kernel de Linux versiones anteriores a la versión 5.5.10, también se conoce como CID-b102f0c522cf. Un paquete de gran tamaño con muchos fr... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 1CVE-2020-12464 – kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
https://notcve.org/view.php?id=CVE-2020-12464
29 Apr 2020 — usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. a función usb_sg_cancel en el archivo drivers/usb/core/message.c en el kernel de Linux versiones anteriores a la versión 5.6.8, tiene un uso de la memoria previamente liberada porque se produce una transferencia sin una referencia, también se conoce como CID-056ad39ee925. A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/mes... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-11884 – Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2020-11884
28 Apr 2020 — In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_... • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11725
https://notcve.org/view.php?id=CVE-2020-11725
12 Apr 2020 — snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have be... • https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11669 – kernel: powerpc: guest can cause DoS on POWER9 KVM hosts
https://notcve.org/view.php?id=CVE-2020-11669
10 Apr 2020 — An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Se detectó un problema en el kernel de Linux versiones anteriores a 5.2, en la plataforma powerpc. El archivo arch/powerpc/kernel/idle_book3s.S no posee la funcionalidad de guardar y restaurar para PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR y PNV_POWERSAVE_AMOR, también ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-393: Return of Wrong Status Code •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11668 – kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c
https://notcve.org/view.php?id=CVE-2020-11668
09 Apr 2020 — In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. En el archivo drivers/media/usb/gspca/xirlink_cit.c de kernel de Linux versiones anteriores a 5.6.1, (también se conoce como el controlador USB de la cámara Xirlink) maneja inapropiadamente los descriptores no válidos, también se conoce como CID-a246b4d54770. A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' i... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2019-20636 – kernel: out-of-bounds write via crafted keycode table
https://notcve.org/view.php?id=CVE-2019-20636
08 Apr 2020 — In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. En el kernel de Linux versiones anteriores a 5.4.12, el archivo drivers/input/input.c presenta escrituras fuera de límites por medio de una tabla de códigos clave diseñada, como es demostrado en la función input_set_keycode, también se conoce como CID-cb222aed03d7. An out-of-bounds write flaw was found in the Linux kernel. A crafted keycod... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 • CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11609
https://notcve.org/view.php?id=CVE-2020-11609
07 Apr 2020 — An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. Se detectó un problema en el subsistema stv06xx en el kernel de Linux versiones anteriores a 5.6.1. Los archivos drivers/media/usb/gspca/stv06xx/stv06xx.c y drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c manejan inapropiadamente los... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference •