CVE-2020-12659 – kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption
https://notcve.org/view.php?id=CVE-2020-12659
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.7. En la función xdp_umem_reg en el archivo net/xdp/xdp_umem.c se presenta una escritura fuera de límites (por un usuario con la capacidad CAP_NET_ADMIN) debido a una falta de comprobación del headroom. An out-of-bounds (OOB) memory access flaw was found in the Network XDP (the eXpress Data Path) module in the Linux kernel's xdp_umem_reg function in net/xdp/xdp_umem.c. When a user with special user privilege of CAP_NET_ADMIN (or root) calls setsockopt to register umem ring on XDP socket, passing the headroom value larger than the available space in the chunk, it leads to an out-of-bounds write, causing panic or possible memory corruption. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.kernel.org/show_bug.cgi?id=207225 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02 https://github.com/torvalds/linux/commit/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4387-1 https://usn.ubuntu.com/4388- • CWE-787: Out-of-bounds Write •
CVE-2020-12657 – kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body
https://notcve.org/view.php?id=CVE-2020-12657
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.5. Se presenta un uso de la memoria previamente liberada en el archivo block/bfq-iosched.c relacionado con la función bfq_idle_slice_timer_body. A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 https://github.com/torvalds/linux/commit/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 https://patchwork.kernel.org/patch/11447049 https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4363-1 https://usn.ubuntu.com/4367-1 https: • CWE-416: Use After Free •
CVE-2020-12656
https://notcve.org/view.php?id=CVE-2020-12656
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug ** EN DISPUTA ** En la función gss_mech_free en el archivo net/sunrpc/auth_gss/gss_mech_switch.c en la implementación rpcsec_gss_krb5 en el kernel de Linux versiones hasta 5.6.10 carece de ciertas llamadas domain_release, onllevando a una perdida de memoria. Nota: Esto se discutió con la afirmación de que el tema no otorga ningún acceso no disponible. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.kernel.org/show_bug.cgi?id=206651 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-12655 – kernel: sync of excessive duration via an XFS v5 image with crafted metadata
https://notcve.org/view.php?id=CVE-2020-12655
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. Se detectó un problema en la función xfs_agf_verify en el archivo fs/xfs/libxfs/xfs_alloc.c en el kernel de Linux versiones hasta 5.6.10. Los atacantes pueden desencadenar una sincronización de duración excesiva por medio de una imagen XFS v5 con metadatos diseñados, también se conoce como CID-d0c7feaf8767. A flaw was discovered in the XFS source in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0c7feaf87678371c2c09b3709400be416b2dc62 https://github.com/torvalds/linux/commit/d0c7feaf87678371c2c09b3709400be416b2dc62 https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.fedoraproject.org/archives/li • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-12654 – kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
https://notcve.org/view.php?id=CVE-2020-12654
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. En la función mwifiex_ret_wmm_get_status() en el archivo drivers/net/wireless/marvell/mwifiex/wmm.c permite a un AP remoto desencadenar un desbordamiento del búfer en la región heap de la memoria debido a una memcpy incorrecta, también se conoce como CID-3a9b153c5591. A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.openwall.com/lists/oss-security/2020/05/08/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875 https://github.com/torvalds/linux/commit/3a9b153c5591548612c3955c9600a98150c81875 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •