Lucene search

K
osvGoogleOSV:USN-4711-1
HistoryFeb 05, 2021 - 1:04 a.m.

linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

2021-02-0501:04:52
Google
osv.dev
11

6.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Kiyin (ๅฐนไบฎ) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)