129 matches found
CVE-2020-10711
The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subprocess during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...
CVE-2020-12888
CVE-2020-12888 affects the Linux kernel VFIO PCI driver (through 5.6.13) and arises from improper handling of accesses to disabled MMIO space. A local attacker or a guest VM with VFIO access could trigger a denial of service or crash by exploiting writes/reads to disabled memory regions. Connecte...
CVE-2020-25705
CVE-2020-25705 is a Linux kernel ICMP handling flaw that lets an off-path attacker bypass UDP source port randomization and rapidly scan open UDP ports. Affected products include various kernel versions and embedded/Linux-based devices; remediation is via kernel updates (e.g., CentOS/AlmaLinux ad...
CVE-2020-10732
CVE-2020-10732 describes a Linux Kernel flaw in the Userspace core dumps implementation. According to connected IBM bulletin entries, the issue: allows a local authenticated attacker to obtain sensitive information or cause a program crash by exploiting the core-dump handling path. The vulnerabil...
CVE-2020-12770
CVE-2020-12770 arises from the Linux kernel sg_write path in the SCSI generic (sg) driver not releasing internal resources in a specific error path because sg_remove_request is not called. This root cause is cited in multiple sources (e.g., ALAS2KERNEL-5.4-2022-012) and is described as a local-ac...
CVE-2020-10757
CVE-2020-10757 affects the Linux kernel (post 4.5-rc1) where mremap mishandles DAX Huge Pages, enabling a local attacker with DAX storage access to escalate privileges. Connected advisories (RHEL/CentOS, Amazon Linux 2, IBM QRadar-related entries) confirm kernel patches/fixes are available and re...
CVE-2020-8648
CVE-2020-8648 is a use-after-free in the Linux kernel’s n_tty_receive_buf_common function (drivers/tty/n_tty.c), affecting kernel builds up to 5.5.2. It is a local vulnerability; exploitation could crash the kernel (DoS), with CVSS notes indicating local access and high impact on availability. Co...
CVE-2020-12659
Concrete details found: CVE-2020-12659 affects the Linux kernel before 5.6.7. The vulnerability is an out-of-bounds write in xdp_umem_reg() of net/xdp/xdp_umem.c, exploitable by a user with CAP_NET_ADMIN due to missing headroom validation. Impact described across connected docs includes potential...
CVE-2020-12655
CVE-2020-12655 affects the Linux kernel’s XFS code path: specifically, xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c up to version 5.6.10. The issue allows an attacker to trigger a sync of excessive duration when processing a crafted XFS v5 image, potentially causing denial of service through prolo...
CVE-2020-14314
CVE-2020-14314 is a memory out-of-bounds read in the Linux kernel’s ext3/ext4 directory handling that can crash the system on a local user. Public advisories confirm the issue affects the kernel and is tied to ext3/ext4 filesystem access with broken indexing, contributing to availability impact. ...
CVE-2020-14385
CVE-2020-14385 affects the Linux kernel prior to 5.9-rc4. A failure in the XFS file system metadata validator can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt, potentially shutting down the filesystem or making it inaccessible until remounted, resulting ...
CVE-2020-25704
CVE-2020-25704 describes a memory leak in the Linux kernel perf subsystem when using PERF_EVENT_IOC_SET_FILTER, enabling a local user to exhaust resources and cause a denial of service. The vulnerability is reiterated across multiple advisories (e.g., ALAS2KERNEL, ALAS-2020-1566, Debian/AlmaLinux...
CVE-2020-14356
CVE-2020-14356 affects the Linux kernel cgroupv2 subsystem in versions before 5.7.10. The flaw is a use-after-free / NULL pointer dereference in the handling of socket references to cgroups, which, under certain configurations (including reboot scenarios), could allow a local user to crash the sy...
CVE-2020-14386
CVE-2020-14386 is a Linux kernel memory-corruption vulnerability affecting the packet socket (AF_PACKET) path that can allow a local attacker to gain kernel privileges. The initial entry cites a memory corruption flaw exploitable by an unprivileged process to achieve root access. Connected adviso...
CVE-2020-11668
CVE-2020-11668 affects the Linux kernel drivers/media/usb/gspca/xirlink_cit.c (Xirlink camera USB driver). The issue arises from mishandling invalid USB descriptors in this driver, as reported in multiple advisories. The connected documents confirm that this vulnerability can enable a local attac...
CVE-2020-27777
The CVE-2020-27777 issue concerns the Linux kernel on PowerPC: RTAS memory accesses in the userspace-to-kernel path allow a local, root-like user on a locked-down guest (Secure Boot) running on PowerVM or KVM/pseries to escalate privileges to the running kernel. Root cause is an improper handling...
CVE-2020-25285
CVE-2020-25285 is a race condition in the Linux kernel hugetlb sysctl handlers (mm/hugetlb.c) that could allow a local attacker to corrupt memory or trigger NULL pointer dereferences. Public docs (e.g., ChangeLog-5.8.8) indicate the fix was released in kernel 5.8.8; Ubuntu/Debian advisories refer...
CVE-2020-29661
The entry CVE-2020-29661 describes a local, kernel-space vulnerability in the Linux tty subsystem (drivers/tty/tty_jobctrl.c) that can enable a use-after-free through TIOCSPGRP. A locking issue in this path allows memory corruption and potential privilege escalation or system impact when an attac...
CVE-2020-7053
CVE-2020-7053 affects the Linux kernel: a use-after-free (write) in i915_ppgtt_close (drivers/gpu/drm/i915/i915_gem_gtt.c), linked to i915_gem_context_destroy_ioctl (i915_gem_context.c). Affected: Linux kernels 4.14 LTS up to 4.14.165, 4.19 LTS up to 4.19.96, and 5.x before 5.2. Root cause is a u...
CVE-2020-14331
CVE-2020-14331 is a Linux kernel vulnerability in the VGA console driver’s soft-scrollback path. A local user with access to a VGA console can trigger an out-of-bounds write when resizing the console via VT_RESIZE, potentially crashing the system and possibly escalating privileges. Publicly docum...
CVE-2019-3016
CVE-2019-3016 is a Linux kernel/KVM issue where, when PV TLB is enabled, a process inside a guest can read memory belonging to another process in the same guest. The root cause is a missing or incomplete TLB flush in the KVM x86 paravirtualized path when the host is running Linux 4.10 and the gue...
CVE-2020-12654
CVE-2020-12654 affects the Linux kernel prior to 5.5.4. The vulnerability is a heap-based buffer overflow in mwifiex_ret_wmm_get_status() (drivers/net/wireless/marvell/mwifiex/wmm.c) caused by an incorrect memcpy when processing WMM parameters from a remote AP. A crafted AP can trigger overflow a...
CVE-2020-10766
CVE-2020-10766 is a Linux kernel vulnerability tied to the SSBD mitigation logic, enabling a local attacker to temporarily disable SSBD during a context switch due to per-task STIPB switching. Connected advisories confirm affected kernels (e.g., Linux 5.4.x/5.8 era) and provide patch info: Debian...
CVE-2020-10942
CVE-2020-10942 affects Linux kernel pre-5.5.8: vhost-net get_raw_socket fails to validate sk_family in drivers/vhost/net.c, enabling local attackers to induce kernel stack corruption via crafted syscalls, with potential DoS or privilege escalation. The connected doc from ALAS2LIVEPATCH-2020-015 n...
CVE-2020-12653
CVE-2020-12653 affects the Linux kernel prior to 5.5.4, caused by an incorrect memcpy in the mwifiex_cmd_append_vsie_tlv() function (drivers/net/wireless/marvell/mwifiex/scan.c). This enables a local attacker to gain elevated privileges or cause a denial of service due to a buffer overflow. Conne...
CVE-2020-8649
CVE-2020-8649 is a Linux kernel use-after-free in vgacon_invert_region (drivers/video/console/vgacon.c). The vulnerability, reported as CVE-2020-8649, could lead to memory corruption or DoS via the vgacon driver when a virtual terminal is accessed. Public details in Debian security advisories (DL...
CVE-2020-10768
CVE-2020-10768 affects the Linux kernel prior to 5.8-rc1, where prctl() can re-enable indirect branch speculation after it has been disabled, enabling Spectre v2-style disclosure. The vulnerability has Local attack vector and primarily impacts confidentiality; no exploitation details are provided...
CVE-2020-10690
The CVE-2020-10690 entry affects Linux kernel versions before 5.5. It is caused by a race between the release of ptp_clock and the cdev during resource deallocation, which can free the cdev structure while a high-privileged process holding /dev/ptpX is sleeping. When the underlying device is remo...
CVE-2020-12351
CVE-2020-12351 corresponds to the Linux kernel Bluetooth vulnerability known as BleedingTooth. Exploitation involves Bluetooth L2CAP and related memory handling, with PoCs showing remote code execution from a nearby attacker. Root causes cited in public exploit data include a type-confusion error...
CVE-2020-13143
CVE-2020-13143 affects the Linux kernel USB gadget/configfs (drivers/usb/gadget/configfs.c) from 3.16 to 5.6.13. The flaw arises when gadget_dev_desc_UDC_store uses kstrdup and may encounter an internal NUL value, leading to potential out-of-bounds memory access (reported as heap out-of-bounds wr...
CVE-2020-25641
CVE-2020-25641 affects the Linux kernel biovecs implementation in the block layer. A zero-length biovec request can cause the kernel to enter an infinite loop, leading to a local denial of service and availability impact. The vulnerability is exploitable by a local attacker with basic privileges ...
CVE-2020-14351
CVE-2020-14351 is a Linux kernel vulnerability in the perf subsystem that enables a local attacker with perf event access to trigger a use-after-free, potentially corrupt memory and escalate privileges. Public sources in connected advisories describe the vulnerability as a local use-after-free af...
CVE-2020-12352
CVE-2020-12352 corresponds to an issue in the Linux Bluetooth stack (BlueZ) where improper access control may allow an unauthenticated user with adjacent access to trigger information disclosure. The description and connected sources indicate this is a local/adjacent-network risk without user int...
CVE-2020-29569
CVE-2020-29569 describes a use-after-free in the Linux kernel PV block backend (blkback) when Xen is used, where the kernel thread handler may not reset ring->xenblkd to NULL if the frontend toggles between connect/disconnect, allowing a misbehaving guest to trigger a dom0 crash. The issue aff...
CVE-2020-29660
This CVE (CVE-2020-29660) affects the Linux kernel tty subsystem, specifically in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c, where a locking inconsistency can enable a local attacker to perform a read-after-free against TIOCGSID. Consequences stated in multiple advisories include memory ...
CVE-2020-29368
Affected software: Linux kernel up to version prior to 5.7.5 (pre-5.7.5). Vulnerability details: In mm/huge_memory.c, __split_huge_pmd, the copy-on-write CoW implementation can grant unintended write access due to a race in the THP mapcount check. This race condition can lead to local write acces...
CVE-2020-29374
CVE-2020-29374 affects the Linux kernel and was fixed in 5.7.3. It concerns the get_user_pages (gup) implementation used for copy-on-write pages: when handling read operations, it may grant unintended write access, risking information disclosure or data corruption (COW cross-process leakage). Sev...
CVE-2020-11494
The CVE-2020-11494 issue affects the Linux kernel slcan (serial line CAN) driver: in slcan.c, CAN headers for received packets may not be fully initialised when receiving data, enabling local attackers to read uninitialised can_frame data from kernel memory (information leak). Root cause is incom...
CVE-2020-10767
CVE-2020-10767 affects the Linux kernel before 5.8-rc1, where Enhanced IBPB mitigation is disabled when STIBP is unavailable or when IBRS is available, enabling a Spectre V2–style attack on local confidentiality. Connected advisories confirm Linux kernel mitigations (IBPB/SSBD) and note a patched...
CVE-2019-20811
CVE-2019-20811 affects the Linux kernel prior to 5.0.6, where a reference count is mishandled in rx_queue_add_kobject() and netdev_queue_add_kobject() within net/core/net-sysfs.c (CID-a3e23f719f5c). The issue was fixed in kernel 5.0.6 (ChangeLog-5.0.6). Exploitation would require local access and...
CVE-2019-18282
CVE-2019-18282 affects the Linux kernel flow_dissector (Linux 4.3–5.x up to 5.3.10). The root cause is that UDP/IPv6 flow labels rely on a 32-bit hashrnd secret, with jhash used instead of siphash, allowing an attacker to infer the secret and track flows. Affected code includes net/core/flow_diss...
CVE-2020-12826
CVE-2020-12826 affects the Linux kernel before 5.6.5. The root cause is an integer overflow in exec_id (include/linux/sched.h) due to 32-bit sizing, which can allow a child process to send an arbitrary signal to a parent process in a different security domain, bypassing protection. A patched vers...
CVE-2020-12769
CVE-2020-12769 affects the Linux kernel prior to 5.4.17. The issue is in drivers/spi/spi-dw.c, where concurrent calls to dw_spi_irq and dw_spi_transfer_one can trigger a kernel panic (local exploit). The vulnerability is fixed in Linux kernel 5.4.17 (see ChangeLog-5.4.17). No exploit details are ...
CVE-2020-1749
CVE-2020-1749 describes a flaw in the Linux kernel’s IPsec networking implementation (notably VXLAN and GENEVE tunnels over IPv6). When an encrypted tunnel is established between two hosts, tunneled data may be misrouted over the encrypted link, causing data to be sent unencrypted and potentially...
CVE-2020-8647
Summary of CVE-2020-8647: A use-after-free? No — it is an MMIO out-of-bounds access in the vgacon driver (vt.c, vc_do_resize) of the Linux kernel, reported in the Debian/AlmaLinux advisories as CVE-2020-8647. Impact stated in Debian entries includes potential denial of service, memory corruption,...
CVE-2020-24394
CVE-2020-24394 affects the Linux kernel before 5.7.8 in the NFS server (fs/nfsd/vfs.c). The root cause is that ACL-less filesystems do not apply the current umask when creating new objects, allowing an attacker with local access to set incorrect permissions. Public details in connected advisories...
CVE-2020-26541
CVE-2020-26541 : Local attacker can bypass the Secure Boot Forbidden Signature Database (dbx) protection in Linux kernels up to 5.8.13, affecting certs/blacklist.c and certs/system_keyring.c. Impact involves potential system integrity/confidentiality compromise. Connected sources confirm the issu...
CVE-2020-8834
Affected software: Linux kernel KVM for PowerPC (KVM with Book3S HV on Power8). Vulnerability arises from conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry and in kvmppc_save_tm()/kvmppc_restore_tm, leading to stack corruption. Consequence: a guest VM kernel-space code execut...
CVE-2020-25643
CVE-2020-25643 affects the Linux kernel HDLC_PPP module via improper input validation in ppp_cp_parse_cr, causing memory corruption and a read overflow that can lead to system crash or DoS. Public advisories confirm this vulnerability and reference the same root cause, with mitigations proposed a...
CVE-2020-12464
CVE-2020-12464 is a Linux kernel use-after-free in the USB core path. The vulnerability stems from usb_sg_cancel in drivers/usb/core/message.c where a transfer can occur without a proper reference, enabling a local attacker to potentially crash or execute code. Connected documents confirm this is...