ALT Linux Team

Package kernel-image-un-def update in sisyphus on 2020-03-06

ALT-PU-2020-1426-1

Package kernel-image-un-def updated to version 5.5.8-alt1 for branch sisyphus in task 247429.

Closed vulnerabilities

Published: 2020-02-22

BDU:2020-02707

Уязвимость функции get_raw_socket (drivers/vhost/net.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Severity: MEDIUM (4.5) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:C
References:
Published: 2020-03-24
Modified: 2024-11-21

CVE-2020-10942

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

Severity: MEDIUM (5.4) Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top