Page 622 of 3437 results (0.067 seconds)

CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://usn.ubuntu.com/4576-1 https://access.redhat.com/security/cve/CVE-2020-14385 https://bugzilla.redhat.com/show_bug.cgi?id=1874800 • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo de divulgación de la memoria en los controladores ethernet del kernel de Linux, en la manera en que lee los datos de la EEPROM del dispositivo. Este fallo permite a un usuario local leer valores no inicializados desde la memoria del kernel. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304 • CWE-460: Improper Cleanup on Thrown Exception CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 1

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en la implementación del kernel de Linux del código de video invertido en consolas VGA cuando un atacante local intenta cambiar el tamaño de la consola, llamando un ioctl VT_RESIZE, lo que causa una escritura fuera de límites. Este fallo permite a un usuario local con acceso a la consola VGA bloquear el sistema, escalando potencialmente sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1858679 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.openwall.net/linux-kernel/2020/07/29/234 https://www.openwall.com/lists/oss-security/2020/07/28/2 https://access.redhat.com/security/cve/CVE-2020-14331 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con indexación rota. Este fallo permite a un usuario local bloquear el sistema si el directorio existe. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u https://usn.ubuntu. • CWE-125: Out-of-bounds Read •

CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. El controlador de dispositivo del bloque rbd en el archivo drivers/block/rbd.c en el kernel de Linux versiones hasta 5.8.9, usaba una comprobación incompleta de permisos para acceder a dispositivos rbd, que podrían ser aprovechados por atacantes locales para asignar o desasignar dispositivos de bloque rbd, también se conoce como CID-f44d04e696fe A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://twitter.com/grsecurity/ • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •