ALT-PU-2020-1896-2

Package update kernel-image-std-def in branch sisyphus

Version5.4.36-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (4)

MEDIUM6.7

Уязвимость функции usb_sg_cancel (drivers/usb/core/message.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код

Published: 2020-05-29Modified: 2026-01-20

CVSS 3.xMEDIUM 6.7

CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2020-12464

HIGH7.0

Уязвимость функции enable_sacf_uaccess ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-08-12Modified: 2025-01-29

CVSS 3.xHIGH 7.0

CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.6

CVSS:2.0/AV:L/AC:M/Au:S/C:C/I:C/A:C

References

CVE-2020-11884

HIGH7.0

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

Published: 2020-04-29Modified: 2024-11-21

CVSS 2.0MEDIUM 6.9

CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.0

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

MEDIUM6.7

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

Published: 2020-04-29Modified: 2024-11-21

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xMEDIUM 6.7

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References