CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1730 – libssh: denial of service when handling AES-CTR (or DES) ciphers
https://notcve.org/view.php?id=CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. Se detectó un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si está habilitado). El servidor o el cliente podrían bloquearse cuando la conexión no ha sido inicializada completamente y el sistema intenta limpiar los cifrados cuando se cierra la conexión. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554 https://security.netapp.com/advisory/ntap-20200424-0001 https://usn.ubuntu.com/4327-1 https://www.libssh.org/security/advisories/CVE-2020-1730.txt https://www.oracle.com/security-alerts/cpuoct2020.html https:/ • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1CVE-2020-11655
https://notcve.org/view.php?id=CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. SQLite versiones hasta 3.31.1, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de una consulta de una función de window malformada porque la inicialización el objeto AggInfo es manejada inapropiadamente. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200416-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security- • CWE-665: Improper Initialization •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8834 – Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1
https://notcve.org/view.php?id=CVE-2020-8834
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file") KVM en el kernel de Linux en los procesadores Power8, presenta un uso conflictivo de HSTATE_HOST_R1 para almacenar el estado r1 en plus kvmppc_hv_entry en kvmppc_ {save, restore} _tm, conllevando a una corrupción de la pila. Debido a esto, un atacante con la capacidad de ejecutar código en el espacio del kernel de una Máquina Virtual invitada puede causar que el kernel del host entre en pánico. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717 https://usn.ubuntu.com/4318-1 https://usn.ubuntu.com/usn/usn-4318-1 https://www.openwall.com/lists/oss-security/2020/04/06/2 https://access.redhat.com/security/cve/CVE-2020-8834 https://bugzilla.redhat.com/show_bug.cgi?id=1819615 • CWE-121: Stack-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-368: Context Switching Race Condition •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11609
https://notcve.org/view.php?id=CVE-2020-11609
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. Se detectó un problema en el subsistema stv06xx en el kernel de Linux versiones anteriores a 5.6.1. Los archivos drivers/media/usb/gspca/stv06xx/stv06xx.c y drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c manejan inapropiadamente los descriptores no válidos, como es demostrado por una desreferencia del puntero NULL, también se conoce como CID-485b06aadb93. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205 https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11608 – kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
https://notcve.org/view.php?id=CVE-2020-11608
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.1. El archivo drivers/media/usb/gspca/ov519.c, permite desreferencias del puntero NULL en las funciones ov511_mode_init_regs y ov518_mode_init_regs cuando hay cero endpoints, también se conoce como CID-998912346c0d. A flaw was found in the way the ov519 driver in the Linux kernel handled certain types of USB descriptors. This flaw allows an attacker with the ability to induce the error conditions to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30 https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-476: NULL Pointer Dereference •