Page 870 of 4645 results (0.015 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.8-rc6 en el módulo del kernel ZRAM, donde un usuario con una cuenta local y la capacidad de leer el archivo /sys/class/zram-control/hot_add puede crear nodos de dispositivo ZRAM en el directorio /dev/. Esta lectura asigna memoria del kernel y no es contabilizada para un usuario que activa la creación de ese dispositivo ZRAM. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10781 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=853eab68afc80f59f36bbdeb715e5c88c501e680 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://www.openwall.com/lists/oss-security/2020/06/18/1 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 2

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. Se detectó un fallo de desreferencia de puntero null en el subsistema cgroupv2 del kernel de Linux en versiones anteriores a 5.7.10, en la manera de reiniciar el sistema. Un usuario local podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema. A use-after-free flaw was found in the Linux kernel’s cgroupv2 subsystem when rebooting the system. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html https://bugzilla.kernel.org/show_bug.cgi?id=208003 https://bugzilla.redhat.com/show_bug.cgi?id=1868453 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lore.kernel.org/netdev/C • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. En el kernel de Linux versiones anteriores a 5.7.8, el archivo fs/nfsd/vfs.c (en el servidor NFS), puede establecer permisos incorrectos en nuevos objetos de un sistema de archivos cuando el sistema de archivos carece de soporte de ACL, también se conoce como CID-22cf8419f131. Esto ocurre porque no es considerada la umask actual. A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 https://security.netapp.com/advisory/ntap-20200904-0003 https://usn.ubuntu.com/4465-1 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 https://www.orac • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos drivers/char/random.c y kernel/time/timer.c A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html https://arxiv.org/pdf/2012.07432.pdf https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638 https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://lists.debian& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.8-rc1, en la implementación de la Enhanced IBPB (Indirect Branch Prediction Barrier). • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada https://access.redhat.com/security/cve/CVE-2020-10767 https://bugzilla.redhat.com/show_bug.cgi?id=1845867 • CWE-440: Expected Behavior Violation •