CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 1CVE-2020-12659 – kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption
https://notcve.org/view.php?id=CVE-2020-12659
05 May 2020 — An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.7. En la función xdp_umem_reg en el archivo net/xdp/xdp_umem.c se presenta una escritura fuera de límites (por un usuario con la capacidad CAP_NET_ADMIN) debido a una falta de comprobación del headroom. An out-of-bounds (OOB) memory... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12657 – kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body
https://notcve.org/view.php?id=CVE-2020-12657
05 May 2020 — An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.5. Se presenta un uso de la memoria previamente liberada en el archivo block/bfq-iosched.c relacionado con la función bfq_idle_slice_timer_body. A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12656
https://notcve.org/view.php?id=CVE-2020-12656
05 May 2020 — gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they li... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12655 – kernel: sync of excessive duration via an XFS v5 image with crafted metadata
https://notcve.org/view.php?id=CVE-2020-12655
05 May 2020 — An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. Se detectó un problema en la función xfs_agf_verify en el archivo fs/xfs/libxfs/xfs_alloc.c en el kernel de Linux versiones hasta 5.6.10. Los atacantes pueden desencadenar una sincronización de duración excesiva por medio de una imagen XFS v5 con metadatos diseñados, también se conoce com... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12654 – kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
https://notcve.org/view.php?id=CVE-2020-12654
05 May 2020 — An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. En la función mwifiex_ret_wmm_get_status() en el archivo drivers/net/wireless/marvell/mwifiex/wmm.c permite a un AP remoto desencadenar un desbordamiento del búfer en la región heap de la memoria debi... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2020-12653 – kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2020-12653
05 May 2020 — An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. La función mwifiex_cmd_append_vsie_tlv() en el archivo drivers/net/wireless/marvell/mwifiex/scan.c permite a usuarios locales alcanzar privilegios o causar u... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12652
https://notcve.org/view.php?id=CVE-2020-12652
05 May 2020 — The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." La función __mptctl_ioctl en el archivo drivers/message/fusion/mpt... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12114 – kernel: DoS by corrupting mountpoint reference counter
https://notcve.org/view.php?id=CVE-2020-12114
04 May 2020 — A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. Una condición de carrera en la función pivot_root en el archivo fs/namespace.c en el kernel de Linux versiones 4.4.x anteriores a la versión 4.4.221, versiones 4.9.x anteriores a la versión 4.9.221, versiones 4.14.x anteriores a la v... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2020-12465 – kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c
https://notcve.org/view.php?id=CVE-2020-12465
29 Apr 2020 — An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. Se descubrió un desbordamiento de matriz en la función mt76_add_fragment en el archivo drivers/net/wireless/mediatek/mt76/dma.c en el kernel de Linux versiones anteriores a la versión 5.5.10, también se conoce como CID-b102f0c522cf. Un paquete de gran tamaño con muchos fr... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 1CVE-2020-12464 – kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
https://notcve.org/view.php?id=CVE-2020-12464
29 Apr 2020 — usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. a función usb_sg_cancel en el archivo drivers/usb/core/message.c en el kernel de Linux versiones anteriores a la versión 5.6.8, tiene un uso de la memoria previamente liberada porque se produce una transferencia sin una referencia, también se conoce como CID-056ad39ee925. A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/mes... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-416: Use After Free •