All errata/sisyphus/ALT-PU-2020-2209-1
ALT-PU-2020-2209-1

Package update kernel-image-mp in branch sisyphus

Version5.7.4-alt1
Task#253599
Published2020-06-18
Max severityHIGH
Severity:

Closed issues (15)

BDU:2020-03071
HIGH7.8

Уязвимость компонента drivers/tty/vt/keyboard.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

Published: 2020-06-30Modified: 2024-05-31
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
BDU:2020-05552
LOW3.6

Уязвимость функции get_user_pages(), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-12-03Modified: 2024-09-13
CVSS 3.xLOW 3.6
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS 2.0LOW 3.0
CVSS:2.0/AV:L/AC:M/Au:S/C:P/I:P/A:N
References
BDU:2020-05900
MEDIUM5.9

Уязвимость процедуры ebitmap_netlbl_import ядра операционных систем Linux, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-12-30Modified: 2022-10-17
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
References
BDU:2021-00445
MEDIUM5.9

Уязвимость системы контроля доступа SELinux ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-02-02Modified: 2024-05-31
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
References
BDU:2021-01957
HIGH7.0

Уязвимость компонентов arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h и virt/kvm/kvm_main.c подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2021-04-08Modified: 2021-09-20
CVSS 3.xHIGH 7.0
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
BDU:2021-06410
HIGH7.8

Уязвимость компонента mm/mremap.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю повысить свои привилегии в системе

Published: 2021-12-28Modified: 2024-09-16
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References
BDU:2022-05426
MEDIUM4.4

Уязвимость подсистемы eBPF ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-08-31Modified: 2024-11-07
CVSS 3.xMEDIUM 4.4
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
References
BDU:2023-01798
MEDIUM4.7

Уязвимость виртуальной файловой системы /proc ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-04-03Modified: 2024-01-09
CVSS 3.xMEDIUM 4.7
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0LOW 3.8
CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:N/A:C
References
CVE-2020-10711
MEDIUM5.9

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Published: 2020-05-22Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2020-10757
HIGH7.8

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

Published: 2020-06-09Modified: 2024-11-21
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2020-13974
HIGH7.8

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

Published: 2020-06-09Modified: 2024-11-21
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2020-29374
LOW3.6

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.

Published: 2020-11-28Modified: 2024-11-21
CVSS 2.0LOW 3.3
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N
CVSS 3.xLOW 3.6
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
References
CVE-2020-36313
HIGH7.8

An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.

Published: 2021-04-07Modified: 2024-11-21
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2021-4159
MEDIUM4.4

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

Published: 2022-08-24Modified: 2024-11-21
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References