Lucene search

Element Software Security Vulnerabilities - 2020

cve

CVE-2020-10690

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying devi...

6.5CVSS

6.5AI Score

0.0004EPSS

2020-05-08 03:15 PM

344

cve

CVE-2020-11884

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

7CVSS

6.6AI Score

0.0004EPSS

2020-04-29 01:15 PM

222

cve

CVE-2020-12653

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

7.8CVSS

7.5AI Score

0.0004EPSS

2020-05-05 06:15 AM

362

cve

CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

5.5CVSS

5.7AI Score

0.0004EPSS

2020-05-09 09:15 PM

357

cve

CVE-2020-12770

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

6.7CVSS

6.7AI Score

0.0005EPSS

2020-05-09 09:15 PM

419

cve

CVE-2020-12771

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

5.5CVSS

5.9AI Score

0.001EPSS

2020-05-09 09:15 PM

282

cve

CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

5.3CVSS

6AI Score

0.0005EPSS

2020-05-15 06:15 PM

525

cve

CVE-2020-13143

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

6.5CVSS

6.5AI Score

0.006EPSS

2020-05-18 06:15 PM

348

cve

CVE-2020-13817

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path atta...

7.4CVSS

7.2AI Score

0.059EPSS

2020-06-04 01:15 PM

444

cve

CVE-2020-29368

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

7CVSS

6.6AI Score

0.001EPSS

2020-11-28 07:15 AM

275