Lucene search

[email protected]NVD:CVE-2020-12464

HistoryApr 29, 2020 - 6:15 p.m.

CVE-2020-12464

2020-04-2918:15:13

CWE-416

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

Affected configurations

NVD

Node

linuxlinux_kernelRange<3.16.85

linuxlinux_kernelRange3.17–4.4.221

linuxlinux_kernelRange4.5–4.9.221

linuxlinux_kernelRange4.10–4.14.178

linuxlinux_kernelRange4.15–4.19.119

linuxlinux_kernelRange4.20–5.4.36

linuxlinux_kernelRange5.5–5.6.8

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappcloud_backupMatch-

netapphci_baseboard_management_controllerMatchh300s

netapphci_baseboard_management_controllerMatchh410c

netapphci_baseboard_management_controllerMatchh410s

netapphci_baseboard_management_controllerMatchh500s

netapphci_baseboard_management_controllerMatchh610c

netapphci_baseboard_management_controllerMatchh610s

netapphci_baseboard_management_controllerMatchh615c

netapphci_baseboard_management_controllerMatchh700s

netapphci_storage_nodesMatch-

netappsolidfire_\&_hci_storage_nodeMatch-

netappsteelstore_cloud_integrated_storageMatch-

netappaff_a700sMatch-

netapphci_compute_nodeMatch-

netappsolidfire_baseboard_management_controllerMatch-

References

lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b

github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b

lists.debian.org/debian-lts-announce/2020/06/msg00011.html

lists.debian.org/debian-lts-announce/2020/06/msg00012.html

lists.debian.org/debian-lts-announce/2020/06/msg00013.html

lkml.org/lkml/2020/3/23/52

patchwork.kernel.org/patch/11463781/

security.netapp.com/advisory/ntap-20200608-0001/

usn.ubuntu.com/4387-1/

usn.ubuntu.com/4388-1/

usn.ubuntu.com/4389-1/

usn.ubuntu.com/4390-1/

usn.ubuntu.com/4391-1/

www.debian.org/security/2020/dsa-4698

www.debian.org/security/2020/dsa-4699

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for NVD:CVE-2020-12464

osv7 redhatcve1 ubuntucve1 veracode1 prion1 ibm3 debiancve1 cve1 cbl_mariner1 cvelist1 nessus38 openvas26 mageia2 ubuntu5 cloudfoundry1 photon5 oraclelinux4 debian7 slackware1 suse1 almalinux1 redhat4 threatpost1