CVE-2020-15436 – kernel: use-after-free in fs/block_dev.c
https://notcve.org/view.php?id=CVE-2020-15436
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. La vulnerabilidad de tipo use-after-free en el archivo fs/block_dev.c en el kernel de Linux versiones anteriores a 5.8, permite a usuarios locales obtener privilegios o causar una denegación de servicio al aprovechar el acceso inapropiado a un determinado campo de error A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. • https://lkml.org/lkml/2020/6/7/379 https://security.netapp.com/advisory/ntap-20201218-0002 https://access.redhat.com/security/cve/CVE-2020-15436 https://bugzilla.redhat.com/show_bug.cgi?id=1901168 • CWE-416: Use After Free •
CVE-2020-14351 – Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14351
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en el kernel de Linux. Se encontró un fallo de uso de la memoria previamente liberada en el subsistema perf que permitía a un atacante local con permiso para monitorear eventos de desempeño para corromper la memoria y posiblemente escalar privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1862849 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://access.redhat.com/security/cve/CVE-2020-14351 • CWE-416: Use After Free •
CVE-2020-28974 – kernel: slab-out-of-bounds read in fbcon
https://notcve.org/view.php?id=CVE-2020-28974
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. Una lectura fuera de límites en fbcon en el kernel de Linux versiones anteriores a 5.9.7, podría ser usada por parte de atacantes locales para leer información privilegiada o potencialmente bloquear el kernel, también se conoce como CID-3c4e0dff2095. Esto ocurre porque la función KD_FONT_OP_COPY en el archivo drivers/tty/vt/vt.c puede ser usada para manipulaciones tales como la altura de la fuente An out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. • http://www.openwall.com/lists/oss-security/2020/11/25/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://seclists.org/oss-sec/2020/q4/104 https://security.netapp.com/advisory/ntap-20210108-0003 https:/& • CWE-125: Out-of-bounds Read •
CVE-2020-28941
https://notcve.org/view.php?id=CVE-2020-28941
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. Se detectó un problema en el archivo drivers/accessibility/speakup/spk_ttyio.c en el kernel de Linux versiones hasta 5.9.9. Los atacantes locales en sistemas con el controlador speakup podrían causar un ataque local de denegación de servicio, también se conoce como CID-d41227544427. • http://www.openwall.com/lists/oss-security/2020/11/19/5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1 https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists. • CWE-763: Release of Invalid Pointer or Reference •
CVE-2020-28915 – kernel: out-of-bounds read in fbcon_get_font function
https://notcve.org/view.php?id=CVE-2020-28915
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. Una lectura excesiva de buffer (en la capa framebuffer) en el código fbcon en el kernel de Linux versiones anteriores a 5.8.15, podría ser usada por unos atacantes locales para leer la memoria del kernel, también se conoce como CID-6735b4632def An out-of-bounds (OOB) memory access flaw was found in fbcon_get_font() in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A bound check failure allows a local attacker with special user privilege to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to integrity and system availability. • https://bugzilla.suse.com/show_bug.cgi?id=1178886 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af08640795b2b9a940c9266c0260455377ae262 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16 https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd https://access.redhat.com/security/cve/CVE-2020-28915 https://bugzilla.redhat.com& • CWE-125: Out-of-bounds Read •