Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-4680-1
HistoryJan 06, 2021 - 3:41 a.m.

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

2021-01-0603:41:27
Google
osv.dev
5

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

7.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.4%

JSON

It was discovered that debugfs in the Linux kernel as used by blktrace
contained a use-after-free in some situations. A privileged local attacker
could possibly use this to cause a denial of service (system crash).
(CVE-2019-19770)

It was discovered that a race condition existed in the binder IPC
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-0423)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)

Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use to facilitate attacks on UDP based services that depend on source port
randomization. (CVE-2020-25705)

Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)

Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)

Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)

Related

ubuntu 9
nessus 43
cloudfoundry 1
openvas 33
osv 11
amazon 3
debian 2
photon 7
fedora 9
prion 9
debiancve 8
ubuntucve 9
veracode 3
cve 9
oraclelinux 5
suse 4
redhatcve 10
cbl_mariner 5
xen 1
githubexploit 2
ibm 4
f5 4
cert 1
huawei 1
openwrt 1
ics 1
thn 1
mageia 2
lenovo 1
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-01-06 00:00:00
Linux kernel vulnerabilities
2021-01-06 00:00:00
Linux kernel vulnerabilities
2021-01-06 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4680-1)
2021-01-06 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4679-1)
2021-01-06 00:00:00
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4681-1)
2021-01-06 00:00:00
cloudfoundry
cloudfoundry
USN-4680-1: Linux kernel vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4680-1)
2021-01-11 00:00:00
Ubuntu: Security Advisory (USN-4679-1)
2021-01-11 00:00:00
Ubuntu: Security Advisory (USN-4681-1)
2021-01-11 00:00:00
osv
osv
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2021-01-06 03:24:21
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
2021-01-06 03:35:10
linux-4.19 - security update
2020-12-05 00:00:00
amazon
amazon
Medium: kernel
2020-12-16 20:31:00
Important: kernel
2020-12-08 20:55:00
Medium: kernel
2021-01-12 22:51:00
debian
debian
[SECURITY] [DLA 2483-1] linux-4.19 security update
2020-12-10 11:11:34
[SECURITY] [DLA 2494-1] linux security update
2020-12-18 12:14:03
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0296
2020-11-17 00:00:00
Important Photon OS Security Update - PHSA-2020-0177
2020-12-14 00:00:00
Important Photon OS Security Update - PHSA-2020-0174
2020-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: kernel-5.9.8-100.fc32
2020-11-16 01:13:01
[SECURITY] Fedora 33 Update: kernel-5.9.8-200.fc33
2020-11-16 01:09:27
[SECURITY] Fedora 33 Update: kernel-5.8.17-300.fc33
2020-11-03 01:01:18
prion
prion
Design/Logic Flaw
2019-12-12 20:15:00
Race condition
2020-10-22 21:15:00
Design/Logic Flaw
2020-11-20 18:15:00
debiancve
debiancve
CVE-2019-19770
2019-12-12 20:15:00
CVE-2020-27675
2020-10-22 21:15:00
CVE-2020-25668
2021-05-26 12:15:00
ubuntucve
ubuntucve
CVE-2019-19770
2019-12-12 00:00:00
CVE-2020-27675
2020-10-22 00:00:00
CVE-2020-25705
2020-11-17 00:00:00
veracode
veracode
Use-after-free
2020-11-05 03:09:48
Denial Of Service (DoS)
2021-05-20 15:30:03
Source Port UDP Randomization Bypass
2020-12-06 02:21:40
cve
cve
CVE-2019-19770
2019-12-12 20:15:00
CVE-2020-27675
2020-10-22 21:15:00
CVE-2020-28974
2020-11-20 18:15:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-12-15 00:00:00
Unbreakable Enterprise kernel security update
2020-12-14 00:00:00
Unbreakable Enterprise kernel-container security update
2021-01-12 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2020-12-15 00:00:00
Security update for the Linux Kernel (important)
2020-12-05 00:00:00
Security update for the Linux Kernel (important)
2020-12-07 00:00:00
redhatcve
redhatcve
CVE-2020-27675
2020-10-23 20:05:33
CVE-2019-19770
2019-12-23 18:38:46
CVE-2020-28974
2020-12-01 12:31:07
cbl_mariner
cbl_mariner
CVE-2020-27675 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
CVE-2020-25705 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
CVE-2020-28974 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
xen
xen
Race condition in Linux event handler may crash dom0
2020-10-20 11:49:00
githubexploit
githubexploit
Exploit for Use of Insufficiently Random Values in Linux Linux Kernel
2020-11-14 08:53:13
Exploit for Authentication Bypass by Spoofing in Bluetooth Bluetooth Core
2020-06-01 07:36:37
ibm
ibm
Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)
2022-12-16 18:57:51
Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.
2022-04-20 08:52:46
Security Bulletin: IBM MQ Appliance is affected by a Kernel vulnerability (CVE-2020-25705)
2022-12-22 17:30:13
f5
f5
K09604370 : Linux kernel vulnerability CVE-2020-25705
2020-12-23 00:00:00
K61294700 : Linux kernel vulnerability CVE-2020-27777
2021-11-05 00:00:00
K07933942 : Linux kernel vulnerabilities CVE-2020-25668, CVE-2020-25669
2022-05-10 00:00:00
cert
cert
Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks
2020-05-18 00:00:00
huawei
huawei
Security Advisory - Improper Authentication Vulnerability in Bluetooth Affect Several Huawei Products
2020-08-05 00:00:00
openwrt
openwrt
Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705)
2020-12-09 16:52:08
ics
ics
Siemens Linux-based Products (Update J)
2022-08-18 12:00:00
thn
thn
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
2020-11-13 07:12:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2021-01-15 15:31:01
Updated kernel packages fix security vulnerabilities
2021-01-15 15:31:01
lenovo
lenovo
Encryption Key Negotiation of Bluetooth Vulnerability - Lenovo Support US
2019-08-13 15:18:05

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

7.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.4%

JSON
Related for OSV:USN-4680-1
ubuntu9nessus43cloudfoundry1openvas33osv11amazon3debian2photon7fedora9prion9debiancve8ubuntucve9veracode3cve9oraclelinux5suse4redhatcve10cbl_mariner5xen1githubexploit2ibm4f54cert1huawei1openwrt1ics1thn1mageia2lenovo1