CVSS: 4.9EPSS: 0%CPEs: 32EXPL: 0CVE-2020-15025
https://notcve.org/view.php?id=CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. ntpd en ntp versión 4.2.8 versiones anteriores a 4.2.8p15 y versiones 4.3.x anteriores a 4.3.101, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) mediante el envío de paquetes, porque la memoria no es liberada en situaciones donde se usa una clave CMAC y está asociada con un algoritmo CMAC en el archivo ntp.keys • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html https://bugs.gentoo.org/729458 https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200702-0002 https://support.ntp.org/bin/view/Main/NtpBug3661 https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea https://www.oracle.com/security-alerts/cpujan2021.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0CVE-2020-10732 – kernel: uninitialized kernel data leak in userspace coredumps
https://notcve.org/view.php?id=CVE-2020-10732
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Se encontró un fallo en la implementación de los volcados de núcleo del Userspace del kernel de Linux. Este fallo permite a un atacante con una cuenta local bloquear un programa trivial y exfiltrar datos privados del kernel A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d https://github.com/google/kmsan/issues/76 https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 2%CPEs: 54EXPL: 0CVE-2020-11868 – ntp: DoS on client ntpd using server mode packet
https://notcve.org/view.php?id=CVE-2020-11868
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x anteriores a 4.3.100, permite a un atacante fuera de ruta bloquear una sincronización no autenticada por medio de un paquete en modo server con una dirección IP de origen falsificado, porque las transmisiones son reprogramados aun cuando un paquete carece de una marca de tiempo de origen valido. A flaw was found in the Network Time Protocol (NTP), where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon (ntpd) from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet does not have a valid origin timestamp. If the packet is sent to the client frequently enough, it stops polling the server and is unable to synchronize with it. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html http://support.ntp.org/bin/view/Main/NtpBug3592 https://bugzilla.redhat.com/show_bug.cgi?id=1716665 https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200424-0002 https://www.oracle.com//security-alerts/cpujul2021.html https://access&# • CWE-346: Origin Validation Error CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 52EXPL: 6CVE-2020-8835 – Linux kernel bpf verifier vulnerability
https://notcve.org/view.php?id=CVE-2020-8835
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) En el kernel de Linux versiones 5.5.0 y más recientes, el verificador bpf (kernel/bpf/verifier.c) no restringió apropiadamente los límites de registro para operaciones de 32 bits, conllevando a lecturas y escrituras fuera de límites en la memoria del kernel. La vulnerabilidad también afecta a la serie estable de Linux versión 5.4, comenzando con la versión v5.4.7, ya que el commit de introducción fue respaldado en esa derivación. • https://github.com/zilong3033/CVE-2020-8835 https://github.com/digamma-ai/CVE-2020-8835-verification https://github.com/SplendidSky/CVE-2020-8835 https://github.com/Prabhashaka/Exploitation-CVE-2020-8835 https://github.com/johnatag/INF8602-CVE-2020-8835 http://www.openwall.com/lists/oss-security/2021/07/20/1 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef https://git.kernel.org/pub/scm/linux/kernel/git/torvald • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 63EXPL: 0CVE-2020-8832 – Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615
https://notcve.org/view.php?id=CVE-2020-8832
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 ("El kernel de Linux no borró apropiadamente las estructuras de datos en los conmutadores de contexto para determinados procesadores gráficos de Intel") estaba incompleta, lo que significa que en las versiones de kernel anteriores a 4.15.0-91.92, un atacante podría usar esta vulnerabilidad para exponer información confidencial. • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 https://security.netapp.com/advisory/ntap-20200430-0004 https://usn.ubuntu.com/usn/usn-4302-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •