CVE-2011-4915
https://notcve.org/view.php?id=CVE-2011-4915
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. El archivo fs/proc/base.c en el kernel de Linux versiones hasta 3.1, permite a usuarios locales obtener información confidencial de pulsaciones de teclas por medio del acceso a /proc/interrupts. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497 http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4915.html http://www.openwall.com/lists/oss-security/2011/11/07/9 https://lkml.org/lkml/2011/11/7/340 https://seclists.org/oss-sec/2011/q4/571 https://security-tracker.debian.org/tracker/CVE- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-8992
https://notcve.org/view.php?id=CVE-2020-8992
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. La función ext4_protect_reserved_inode en el archivo fs/ext4/block_validity.c en el kernel de Linux versiones hasta 5.5.3, permite a atacantes causar una denegación de servicio (soft lockup) por medio de un journal size diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://patchwork.ozlabs.org/patch/1236118 https://security.netapp.com/advisory/ntap-20200313-0003 https://usn.ubuntu.com/4318-1 https://usn.ubuntu.com/4324-1 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4419-1 • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •
CVE-2020-8647 – kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
https://notcve.org/view.php?id=CVE-2020-8647
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2 en la función vc_do_resize en el archivo drivers/tty/vt/vt.c. A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://bugzilla.kernel.org/show_bug.cgi?id=206359 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://www.debian.org/security/2020/dsa-4698 https://access.redhat.com/security/cve/CVE-2020-8647 https://bugzilla.redhat.com/show_bug.cgi?id=1802563 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVE-2020-8648 – kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
https://notcve.org/view.php?id=CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://bugzilla.kernel.org/show_bug.cgi?id=206361 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200924-0004 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4345-1 • CWE-416: Use After Free •
CVE-2020-8649 – kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
https://notcve.org/view.php?id=CVE-2020-8649
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función vgacon_invert_region en el archivo drivers/video/console/vgacon.c. A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://bugzilla.kernel.org/show_bug.cgi?id=206357 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://www.debian.org/security/2020/dsa-4698 https://access.redhat.com/security/cve/CVE-2020-8649 https://bugzilla.redhat.com/show_bug.cgi?id=1802555 • CWE-416: Use After Free •