CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2020-29368 – kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
https://notcve.org/view.php?id=CVE-2020-29368
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. Se detectó un problema en la función __split_huge_pmd en el archivo mm/huge_memory.c en el kernel de Linux versiones anteriores a 5.7.5. La implementación copy-on-write puede otorgar acceso de escritura no previsto debido a una condición de carrera en una comprobación de conteo de mapas THP, también se conoce como CID-c444eb564fb1 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040 https://security.netapp.com/advisory/ntap-20210108-0002 https://access.redhat.com/security/cve/CVE-2020-29368 https://bugzilla.redhat.com/show_bug.cgi?id=1903244 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2020-29370
https://notcve.org/view.php?id=CVE-2020-29370
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. Se detectó un problema en la función kmem_cache_alloc_bulk en el archivo mm/slub.c en el kernel de Linux versiones anteriores a 5.5.11. La slowpath carece del incremento de TID requerido, también se conoce como CID-fd4d9c7d0c71 • https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 https://security.netapp.com/advisory/ntap-20201218-0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.6EPSS: 0%CPEs: 12EXPL: 2CVE-2020-29374
https://notcve.org/view.php?id=CVE-2020-29374
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. Se detectó un problema en el kernel de Linux versiones anteriores a 5.7.3, relacionado con los archivos mm/gup.c y mm/huge_memory.c. La implementación de la función get_user_pages (también se conoce como gup), cuando se usa para una página copy-on-write, no considera apropiadamente la semántica de las operaciones de lectura y, por lo tanto, puede otorgar acceso de escritura involuntario, también se conoce como CID-17839856fd58 • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 1CVE-2020-15436 – kernel: use-after-free in fs/block_dev.c
https://notcve.org/view.php?id=CVE-2020-15436
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. La vulnerabilidad de tipo use-after-free en el archivo fs/block_dev.c en el kernel de Linux versiones anteriores a 5.8, permite a usuarios locales obtener privilegios o causar una denegación de servicio al aprovechar el acceso inapropiado a un determinado campo de error A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. • https://lkml.org/lkml/2020/6/7/379 https://security.netapp.com/advisory/ntap-20201218-0002 https://access.redhat.com/security/cve/CVE-2020-15436 https://bugzilla.redhat.com/show_bug.cgi?id=1901168 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-25643 – kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
https://notcve.org/view.php?id=CVE-2020-25643
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de corrupción de la memoria en el kernel de Linux en versiones anteriores a 5.9-rc7, en el módulo HDLC_PPP en la manera en que recibe paquetes malformados por el protocolo PPP. Un usuario remoto podría usar este fallo para bloquear el sistema o causar una denegación de servicio A flaw was found in the HDLC_PPP module of the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html https://bugzilla.redhat.com/show_bug.cgi?id=1879981 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105 https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/ • CWE-20: Improper Input Validation •