CVE-2020-11668 – kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c
https://notcve.org/view.php?id=CVE-2020-11668
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. En el archivo drivers/media/usb/gspca/xirlink_cit.c de kernel de Linux versiones anteriores a 5.6.1, (también se conoce como el controlador USB de la cámara Xirlink) maneja inapropiadamente los descriptores no válidos, también se conoce como CID-a246b4d54770. A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors leading to a denial-of-service (DoS). This could allow a local attacker with user privilege to crash the system or leak kernel internal information. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-2 • CWE-476: NULL Pointer Dereference •
CVE-2019-20636 – kernel: out-of-bounds write via crafted keycode table
https://notcve.org/view.php?id=CVE-2019-20636
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. En el kernel de Linux versiones anteriores a 5.4.12, el archivo drivers/input/input.c presenta escrituras fuera de límites por medio de una tabla de códigos clave diseñada, como es demostrado en la función input_set_keycode, también se conoce como CID-cb222aed03d7. An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784 https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200430-0004 https://access.redhat.com/security/cve/CVE-2019-20 • CWE-787: Out-of-bounds Write •
CVE-2020-11609
https://notcve.org/view.php?id=CVE-2020-11609
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. Se detectó un problema en el subsistema stv06xx en el kernel de Linux versiones anteriores a 5.6.1. Los archivos drivers/media/usb/gspca/stv06xx/stv06xx.c y drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c manejan inapropiadamente los descriptores no válidos, como es demostrado por una desreferencia del puntero NULL, también se conoce como CID-485b06aadb93. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205 https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-476: NULL Pointer Dereference •
CVE-2020-11608 – kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
https://notcve.org/view.php?id=CVE-2020-11608
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.1. El archivo drivers/media/usb/gspca/ov519.c, permite desreferencias del puntero NULL en las funciones ov511_mode_init_regs y ov518_mode_init_regs cuando hay cero endpoints, también se conoce como CID-998912346c0d. A flaw was found in the way the ov519 driver in the Linux kernel handled certain types of USB descriptors. This flaw allows an attacker with the ability to induce the error conditions to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30 https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-476: NULL Pointer Dereference •
CVE-2020-11565 – kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2020-11565
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” ** EN DISPUTA ** Se detectó un problema en el kernel de Linux versiones hasta 5.6.2. La función mpol_parse_str en el archivo mm/mempolicy.c presenta una escritura fuera de límites en la región stack de la memoria porque una lista de nodos vacía es manejada inapropiadamente durante el análisis de la opción de montaje, también se conoce como CID-aa9f7d5172fa. NOTA: Alguien en la comunidad de seguridad no está de acuerdo en que se trata de una vulnerabilidad porque el problema "es un error en el análisis de las opciones de montaje que sólo puede ser especificado por un usuario privilegiado, por lo que la activación del error no otorga ningún poder que no se tenga ya". An out-of-bounds write flaw was found in the Linux kernel. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://usn.ubuntu.com/4363-1 https://usn.ubuntu.com/4364-1 https://usn.ubuntu.com/4367-1 https: • CWE-787: Out-of-bounds Write •