Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2020:4431
HistoryNov 03, 2020 - 12:03 p.m.

Moderate: kernel security, bug fix, and enhancement update

2020-11-0312:03:57
errata.almalinux.org
29
linux kernel
security fix
cve-2019-9458
cve-2019-15917
video driver
bluetooth
memory leak
denial of service
usb device
race condition
debugfs_remove
selinux
netlink
buffer overflow
xdp
sg_write
privileged process
uaf
front_door/ex.c
soft-lockups
dos
kernel pointer leak
null pointer dereference
memory leak
stack overflow
xfs v5 image

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.003

Percentile

70.3%

JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: use after free in the video driver leads to local privilege escalation (CVE-2019-9458)

  • kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

  • kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

  • kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)

  • kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)

  • kernel: out-of-bounds write in ext4_xattr_set_entry (CVE-2019-19319)

  • Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

  • kernel: use-after-free in ext4_put_super (CVE-2019-19447)

  • kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

  • kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)

  • kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)

  • kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)

  • kernel: use-after-free in debugfs_remove (CVE-2019-19770)

  • kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

  • kernel: possible use-after-free due to a race condition in cdev_get (CVE-2020-0305)

  • kernel: out-of-bounds read in in vc_do_resize function (CVE-2020-8647)

  • kernel: use-after-free in n_tty_receive_buf_common function (CVE-2020-8648)

  • kernel: invalid read location in vgacon_invert_region function (CVE-2020-8649)

  • kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

  • kernel: SELinux netlink permission check bypass (CVE-2020-10751)

  • kernel: out-of-bounds write in mpol_parse_str (CVE-2020-11565)

  • kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

  • kernel: buffer overflow in mt76_add_fragment function (CVE-2020-12465)

  • kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)

  • kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

  • kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

  • kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

  • kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

  • kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)

  • kernel: null pointer dereference in dlpar_parse_cc_property (CVE-2019-12614)

  • kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

  • kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

  • kernel: memory leak in af9005_identify_state() function (CVE-2019-18809)

  • kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function (CVE-2019-19056)

  • kernel: memory leak in the crypto_report() function (CVE-2019-19062)

  • kernel: Two memory leaks in the rtl_usb_probe() function (CVE-2019-19063)

  • kernel: A memory leak in the rtl8xxxu_submit_int_urb() function (CVE-2019-19068)

  • kernel: A memory leak in the predicate_parse() function (CVE-2019-19072)

  • kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)

  • kernel: Null pointer dereference in drop_sysctl_table() (CVE-2019-20054)

  • kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)

  • kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)

  • kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

  • kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64kernel-tools-libs-devel< 4.18.0-240.el8kernel-tools-libs-devel-4.18.0-240.el8.x86_64.rpm

References

Related

nessus 69
redhat 13
osv 5
oraclelinux 6
centos 1
ubuntu 5
photon 9
f5 2
ibm 8
slackware 2
openvas 28
amazon 7
fedora 2
debian 5
suse 1
mageia 1
ubuntucve 6
prion 5
veracode 5
redhatcve 4
nvd 2
cve 3
debiancve 4
cvelist 5
symantec 1
nessus
nessus
RHEL 8 : kernel-rt (RHSA-2020:4609)
2020-11-04 00:00:00
CentOS 8 : kernel (CESA-2020:4431)
2021-02-01 00:00:00
Oracle Linux 8 : kernel (ELSA-2020-4431)
2023-09-07 00:00:00
redhat
redhat
(RHSA-2020:4609) Moderate: kernel-rt security and bug fix update
2020-11-03 12:20:02
(RHSA-2020:4431) Moderate: kernel security, bug fix, and enhancement update
2020-11-03 12:03:57
(RHSA-2020:4060) Important: kernel security, bug fix, and enhancement update
2020-09-29 18:42:12
osv
osv
Moderate: kernel security, bug fix, and enhancement update
2020-11-03 12:03:57
linux - security update
2020-06-09 00:00:00
linux - security update
2020-06-09 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2020-11-10 00:00:00
kernel security, bug fix, and enhancement update
2020-10-06 00:00:00
Unbreakable Enterprise kernel security update
2020-02-10 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2020-10-20 18:20:15
ubuntu
ubuntu
Kernel Live Patch Security Notice
2020-05-01 00:00:00
Kernel Live Patch Security Notice
2020-06-09 00:00:00
Linux kernel vulnerabilities
2020-05-24 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0221
2020-03-17 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0274
2020-02-12 00:00:00
Important Photon OS Security Update - PHSA-2020-0073
2020-03-27 00:00:00
f5
f5
K03310902 : Multiple Linux vulnerabilities CVE-2020-8647,CVE-2020-8648, CVE-2020-8649
2020-03-26 00:00:00
K52325031 : Linux kernel vulnerabilities CVE-2019-16231 and CVE-2019-16233
2022-05-20 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.
2022-07-07 11:14:38
Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
2023-03-29 01:48:02
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
2020-12-11 16:00:57
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-01-08 22:45:25
[slackware-security] Slackware 14.2 kernel
2020-06-11 21:36:19
openvas
openvas
Slackware: Security Advisory (SSA:2020-008-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0836-1)
2021-06-09 00:00:00
Slackware: Security Advisory (SSA:2020-163-01)
2022-04-21 00:00:00
amazon
amazon
Important: kernel
2020-02-05 16:47:00
Important: kernel
2020-06-01 12:24:00
Important: kernel
2020-06-01 22:37:00
fedora
fedora
[SECURITY] Fedora 30 Update: kernel-5.6.13-100.fc30
2020-05-20 03:48:40
[SECURITY] Fedora 31 Update: kernel-5.6.13-200.fc31
2020-05-20 03:16:44
debian
debian
[SECURITY] [DLA 2241-1] linux security update
2020-06-09 21:29:32
[SECURITY] [DLA 2241-2] linux security update
2020-06-10 10:55:44
[SECURITY] [DLA 2242-1] linux-4.9 security update
2020-06-10 10:48:38
suse
suse
Security update for the Linux Kernel (important)
2020-04-23 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2020-03-14 02:19:55
ubuntucve
ubuntucve
CVE-2020-27418
2023-08-22 00:00:00
CVE-2019-15925
2019-09-04 00:00:00
CVE-2019-9455
2019-09-06 00:00:00
prion
prion
Out-of-bounds
2019-09-04 21:15:00
Design/Logic Flaw
2019-12-12 20:15:00
Design/Logic Flaw
2021-05-27 19:15:00
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:09:26
Buffer Overflow
2020-11-05 03:16:43
Information Disclosure
2020-09-21 06:36:27
redhatcve
redhatcve
CVE-2020-12465
2020-05-05 14:11:02
CVE-2020-12659
2020-05-07 12:40:28
CVE-2019-19533
2019-12-13 21:38:28
nvd
nvd
CVE-2020-12465
2020-04-29 19:15:12
CVE-2019-9455
2019-09-06 22:15:13
cve
cve
CVE-2020-12465
2020-04-29 19:15:12
CVE-2020-12659
2020-05-05 07:15:11
CVE-2020-10774
2021-05-27 19:15:07
debiancve
debiancve
CVE-2020-12659
2020-05-05 07:15:11
CVE-2019-9455
2019-09-06 22:15:13
CVE-2020-10774
2021-05-27 19:15:07
cvelist
cvelist
CVE-2019-9455
2019-09-06 21:51:21
CVE-2020-12659
2020-05-05 06:13:15
CVE-2020-10774
2021-05-27 18:46:18
symantec
symantec
Linux Kernel CVE-2019-19533 Local Denial of Service Vulnerability
2019-12-03 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.003

Percentile

70.3%

JSON
Related for ALSA-2020:4431
nessus69redhat13osv5oraclelinux6centos1ubuntu5photon9f52ibm8slackware2openvas28amazon7fedora2debian5suse1mageia1ubuntucve6prion5veracode5redhatcve4nvd2cve3debiancve4cvelist5symantec1