Lucene search

K
ubuntuUbuntuUSN-4525-1
HistorySep 24, 2020 - 12:00 a.m.

Linux kernel vulnerabilities

2020-09-2400:00:00
ubuntu.com
128

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

58.6%

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  • linux-kvm - Linux kernel for cloud environments
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
  • linux-raspi - Linux kernel for Raspberry Pi (V8) systems
  • linux-raspi-5.4 - Linux kernel for Raspberry Pi (V8) systems

Details

It was discovered that the AMD Cryptographic Coprocessor device driver in
the Linux kernel did not properly deallocate memory in some situations. A
local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2019-18808)

It was discovered that the Conexant 23885 TV card device driver for the
Linux kernel did not properly deallocate memory in some error conditions. A
local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2019-19054)

It was discovered that the VFIO PCI driver in the Linux kernel did not
properly handle attempts to access disabled memory spaces. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2020-12888)

It was discovered that the state of network RNG in the Linux kernel was
potentially observable. A remote attacker could use this to expose
sensitive information. (CVE-2020-16166)

It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

58.6%