ALT Linux Team

Package kernel-image-un-def update in sisyphus on 2020-05-28

ALT-PU-2020-2031-1

Package kernel-image-un-def updated to version 5.6.15-alt1 for branch sisyphus in task 252324.

Closed vulnerabilities

Published: 2020-12-30
Modified: 2024-05-31

BDU:2020-05886

Уязвимость gadget_dev_desc_UDC_store в драйверах / usb / gadget / configfs.c (bsc # 1171982) ядра операционной системы Linux, связанная с чтением за границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2021-02-02
Modified: 2024-09-16

BDU:2021-00471

Уязвимость драйвера VFIO PCI ядра операционной системы Linux, связанная с недостаточной обработкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM (4.7) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2021-04-06
Modified: 2024-06-04

BDU:2021-01920

Уязвимость реализации протокола MIDI ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2020-05-15
Modified: 2024-11-21

CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

Severity: MEDIUM (4.7) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2020-05-18
Modified: 2024-11-21

CVE-2020-13143

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2020-12-11
Modified: 2024-11-21

CVE-2020-27786

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top