Page 539 of 2850 results (0.081 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1

CVE-2020-15780 – kernel: lockdown: bypass through ACPI write via acpi_configfs

https://notcve.org/view.php?id=CVE-2020-15780

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Se detectó un problema en el archivo drivers/acpi/acpi_configfs.c en el kernel de Linux versiones anteriores a 5.7.7. Una inyección de tablas ACPI maliciosas por medio de configfs podría ser usada por atacantes para omitir el bloqueo y asegurar las restricciones de arranque, también se conoce como CID-75b0cea7bf30 A flaw was found in how the ACPI table loading through acpi_configfs was handled when the kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. • https://github.com/Annavid/CVE-2020-15780-exploit http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html http://www.openwall.com/lists/oss-security/2020/07/20/7 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2020/07/30/2 http://www.openwall.com/lists/oss-security/2020/07/30/3 https://cdn.kernel.org/pub/linux/kernel&# • CWE-284: Improper Access Control CWE-862: Missing Authorization •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-15393

https://notcve.org/view.php?id=CVE-2020-15393

In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. En el kernel de Linux versión 4.4 hasta la versión 5.7.6, la función usbtest_disconnect en el archivo drivers/usb/misc/usbtest.c presenta una pérdida de memoria, también se conoce como CID-28ebeb8db770 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=831eebad70a25f55b5745453ac252d4afe997187 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28ebeb8db77035e058a510ce9bd17c2b9a009dba https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-14416

https://notcve.org/view.php?id=CVE-2020-14416

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. En el kernel de Linux versiones anteriores a 5.4.16, una condición de carrera en el manejo de tty-)disc_data en la disciplina de línea slip y slcan podría conllevar a un uso de la memoria previamente liberada, también se conoce como CID-0ace17d56824. Esto afecta a los archivos drivers/net/slip/slip.c y drivers/net/can/slcan.c • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://bugzilla.suse.com/show_bug.cgi?id=1162002 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ace17d56824165c7f4c68785d6b58971db954dd • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0

CVE-2020-10732 – kernel: uninitialized kernel data leak in userspace coredumps

https://notcve.org/view.php?id=CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Se encontró un fallo en la implementación de los volcados de núcleo del Userspace del kernel de Linux. Este fallo permite a un atacante con una cuenta local bloquear un programa trivial y exfiltrar datos privados del kernel A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d https://github.com/google/kmsan/issues/76 https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj • CWE-908: Use of Uninitialized Resource •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1

CVE-2020-10757 – kernel: kernel: DAX hugepages not considered during mremap

https://notcve.org/view.php?id=CVE-2020-10757

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Se encontró un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manejó DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=1842525 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC https://security.netapp.com/advisory/ntap-20200702-0004 https://usn.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •