DEBIAN-CVE-2020-10690

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...

The vulnerability of the parsec inode permission module in the linux-astra-modules package, related to access control deficiencies for non-functional Unix sockets, allows a intruder to compromise data integrity.

The vulnerability of the parsec inode permission module in the linux-astra-modules package is related to deficiencies in access control for non-functional Unix sockets. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...

kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open

There is a use-after-free problem seen due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device is removed, it ca...

kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open

There is a use-after-free problem seen due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device is removed, it ca...

CVE-2020-10690

There is a use-after-free problem seen due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device is removed, it ca...

PT-2020-12933 · None +2 · Aufs +2

Name of the Vulnerable Software and Affected Versions: aufs affected versions not specified Description: A local attacker could exploit the improper management of inode reference counts in the vfsub dentry open method to cause a denial of service attack. Recommendations: At the moment, there is n...

Authorization Bypass

kernel is vulnerable to authorization bypass. A flaw was found in the Linux kernel's XFS file system implementation. The file handle lookup could return an invalid inode as valid. If an XFS file system was mounted via NFS Network File System, a local attacker could access stale data or overwrite...

The vulnerability of the ext4_protect_reserved inode function (fs/ext4/block_validity.c) in the Linux kernel allows a attacker to cause a service failure.

The vulnerability of the ext4protectreserved inode function fs/ext4/blockvalidity.c in the Linux kernel involves uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause service failures...

Security feature bypass

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions...

Linux kernel denial of service vulnerability (CNVD-2020-13205)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the ext4protectreservedinode in the fs/ext4/blockvalidity.c file in Linux kernel 5.5.3 and earlier. A remote attacker can exploit th...

DEBIAN-CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

UBUNTU-CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1303)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-13098

An issue was discovered in the F2FS filesystem code in the Linux kernel in fs/f2fs/inode.c. A denial of service due to a slab out-of-bounds read can occur for a crafted f2fs filesystem image in which FIEXTRAATTR is set in an inode...

CVE-2019-19767

A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-4118-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4118-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...