CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1CVE-2020-8648 – kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
https://notcve.org/view.php?id=CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://bugzilla.kernel.org/show_bug.cgi?id=206361 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200924-0004 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4345-1 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2020-8649 – kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
https://notcve.org/view.php?id=CVE-2020-8649
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función vgacon_invert_region en el archivo drivers/video/console/vgacon.c. A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://bugzilla.kernel.org/show_bug.cgi?id=206357 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://www.debian.org/security/2020/dsa-4698 https://access.redhat.com/security/cve/CVE-2020-8649 https://bugzilla.redhat.com/show_bug.cgi?id=1802555 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8428
https://notcve.org/view.php?id=CVE-2020-8428
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. El archivo fs/namei.c en el kernel de Linux versiones anteriores a 5.5, presenta una vulnerabilidad de uso de la memoria previamente liberada en la función may_create_in_sticky, que permite a usuarios locales causar una denegación de servicio (OOPS) u obtener información confidencial de la memoria del kernel, también se conoce como CID-d0cb50185ae9. Un vector de ataque puede ser una llamada de sistema abierta para un socket del dominio UNIX, si el socket está siendo movido hacia un nuevo directorio padre y su antiguo directorio padre está siendo eliminado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html http://www.openwall.com/lists/oss-security/2020/01/28/4 http://www.openwall.com/lists/oss-security/2020/02/02/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6 https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6 https://lists.debian.org/deb • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20422
https://notcve.org/view.php?id=CVE-2019-20422
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. En el kernel de Linux versiones anteriores a 5.3.4, la función fib6_rule_lookup en el archivo net/ipv6/ip6_fib.c maneja inapropiadamente el flag RT6_LOOKUP_F_DST_NOREF en una decisión de conteo de referencias, lo que conlleva a (por ejemplo) un bloqueo que fue identificado por syzkaller, también se conoce como CID-7b09c2d052db. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa https://security.netapp.com/advisory/ntap-20200313-0003 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2019-18282 – kernel: The flow_dissector feature allows device tracking
https://notcve.org/view.php?id=CVE-2019-18282
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. La función flow_dissector en el kernel de Linux 4.3 a 5.x anterior a la versión 5.3.10 tiene una vulnerabilidad de seguimiento del dispositivo, también conocida como CID-55667441c84f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o https://access.redhat.com/security/cve/CVE-2019-18282 https://bugzilla.redhat.com/show_bug.cgi?id=1796360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •