// For flags

CVE-2020-0404

kernel: avoid cyclic entity chains due to malformed USB descriptors

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

En la función uvc_scan_chain_forward del archivo uvc_driver.c, se presenta una posible corrupción de la lista enlazada debido a una causa raíz inusual. Esto podría conllevar a una escalada de privilegios local en el kernel sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. Producto: Android, Versiones: kernel de Android, ID de Android: A-111893654 Referencias: kernel ascendente

A flaw linked list corruption in the Linux kernel for USB Video Class driver functionality was found in the way user connects web camera to the USB port. A local user could use this flaw to crash the system.

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-17 CVE Reserved
  • 2020-09-17 CVE Published
  • 2024-08-04 CVE Updated
  • 2025-07-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
--
Affected
Oracle
Search vendor "Oracle"
 Communications Cloud Native Core Binding Support Function
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"
 22.1.3
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Cloud Native Core Network Exposure Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function"
 22.1.1
Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" and version "22.1.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Cloud Native Core Policy
Search vendor "Oracle" for product "Communications Cloud Native Core Policy"
 22.2.0
Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "22.2.0"
-
Affected