ALT-PU-2020-2864-1
Package kernel-image-un-def updated to version 5.8.10-alt1 for branch sisyphus in task 258514.
Closed vulnerabilities
BDU:2021-01953
Уязвимость функции kvm_io_bus_unregister_dev (virt/kvm/kvm_main.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03291
Уязвимость подсистемы vgacon ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на доступность защищаемой информации
Modified: 2024-11-21
CVE-2020-14314
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u
- https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u
- USN-4576-1
- USN-4576-1
- USN-4578-1
- USN-4578-1
- USN-4579-1
- USN-4579-1
- https://www.starwindsoftware.com/security/sw-20210325-0003/
- https://www.starwindsoftware.com/security/sw-20210325-0003/
Modified: 2024-11-21
CVE-2020-28097
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45
- https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45
- https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45
- https://seclists.org/oss-sec/2020/q3/176
- https://seclists.org/oss-sec/2020/q3/176
- https://security.netapp.com/advisory/ntap-20210805-0001/
- https://security.netapp.com/advisory/ntap-20210805-0001/
Modified: 2024-11-21
CVE-2020-36312
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e