CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 3CVE-2020-27786 – kernel: use-after-free in kernel midi subsystem
https://notcve.org/view.php?id=CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementación de MIDI en el kernel de Linux, donde un atacante con una cuenta local y los permisos para emitir comandos ioctl a dispositivos midi podría desencadenar un problema de uso después de la liberación. Una escritura en esta memoria específica mientras está liberada y antes de su uso hace que el flujo de ejecución cambie y posiblemente permita la corrupción de memoria o la escalada de privilegios. • https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit https://github.com/elbiazo/CVE-2020-27786 https://github.com/ii4gsp/CVE-2020-27786 http://www.openwall.com/lists/oss-security/2020/12/03/1 https://bugzilla.redhat.com/show_bug.cgi?id=1900933 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d https://security.netapp.com/advisory/ntap-20210122-0002 https://access.redhat.com/security/cve/CVE-2020-27786 • CWE-416: Use After Free •
CVSS: 4.1EPSS: 0%CPEs: 11EXPL: 2CVE-2020-25656 – kernel: use-after-free in read in vt_do_kdgkb_ioctl
https://notcve.org/view.php?id=CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux. • https://bugzilla.redhat.com/show_bug.cgi?id=1888726 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://lkml.org/lkml/2020/10/16/84 https://lkml.org/lkml/2020/10/29/528 https://www.starwindsoftware.com/security/sw-20210325-0006 https://access.redhat.com/security/cve/CVE-2020-25656 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14351 – Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14351
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en el kernel de Linux. Se encontró un fallo de uso de la memoria previamente liberada en el subsistema perf que permitía a un atacante local con permiso para monitorear eventos de desempeño para corromper la memoria y posiblemente escalar privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1862849 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://access.redhat.com/security/cve/CVE-2020-14351 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-25708 – libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS
https://notcve.org/view.php?id=CVE-2020-25708
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. Se encontró un problema de división por cero en libvncserver-0.9.12. Un cliente malicioso podría usar este fallo para enviar un mensaje especialmente diseñado que, cuando se procesaba mediante el servidor VNC, conduciría a una excepción de punto flotante, resultando en una denegación de servicio A divide by zero flaw was found in libvncserver. This flaw allows a malicious client to send a specially crafted message that, when processed by the VNC server, leads to a floating-point exception, resulting in a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1896739 https://lists.debian.org/debian-lts-announce/2022/09/msg00035.html https://access.redhat.com/security/cve/CVE-2020-25708 • CWE-369: Divide By Zero •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25705 – kernel: ICMP rate limiting can be used for DNS poisoning attack
https://notcve.org/view.php?id=CVE-2020-25705
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version Se encontró un fallo en los paquetes ICMP en el kernel de Linux puede permitir a un atacante escanear rápidamente los puertos UDP abiertos. Este defecto permite a un atacante remoto fuera de la ruta eludir efectivamente la aleatorización del puerto de origen UDP. • https://github.com/tdwyer/CVE-2020-25705 https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03 https://access.redhat.com/security/cve/CVE-2020-25705 https://bugzilla.redhat.com/show_bug.cgi?id=1894579 • CWE-330: Use of Insufficiently Random Values •