CVSS3: 8.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score: 8.3 High (Confidence: High)

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.003 Low (Percentile: 69.1%)

It was discovered that debugfs in the Linux kernel as used by blktrace
contained a use-after-free in some situations. A privileged local attacker
could possibly use this to cause a denial of service (system crash).
(CVE-2019-19770)

It was discovered that a race condition existed in the binder IPC
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-0423)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)

Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP-based services that depend on source
port randomization. (CVE-2020-25705)

Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in a guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)

Daniel Axtens discovered that the PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)

Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1062-oracle | < 4.15.0-1062.68 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1062-oracle-dbgsym | < 4.15.0-1062.68 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1077-gke | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1077-gke-dbgsym | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1077-raspi2 | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-buildinfo-4.15.0-1077-raspi2 | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-headers-4.15.0-1077-raspi2 | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1077-raspi2-dbgsym | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-modules-4.15.0-1077-raspi2 | < 4.15.0-1077.82 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-raspi2-headers-4.15.0-1077 | < 4.15.0-1077.82 | UNKNOWN |
ubuntu.com/security/CVE-2019-19770
ubuntu.com/security/CVE-2020-0423
ubuntu.com/security/CVE-2020-10135
ubuntu.com/security/CVE-2020-25656
ubuntu.com/security/CVE-2020-25668
ubuntu.com/security/CVE-2020-25705
ubuntu.com/security/CVE-2020-27675
ubuntu.com/security/CVE-2020-27777
ubuntu.com/security/CVE-2020-28974