CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.9%
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did
not properly initialize memory in certain situations. A local attacker
could possibly use this to expose sensitive information (kernel memory).
(CVE-2019-19947)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
Jason A. Donenfeld discovered that the ACPI implementation in the Linux
kernel did not properly restrict loading SSDT code from an EFI variable. A
privileged attacker could use this to bypass Secure Boot lockdown
restrictions and execute arbitrary code in the kernel. (CVE-2019-20908)
It was discovered that the elf handling code in the Linux kernel did not
initialize memory before using it in certain situations. A local attacker
could use this to possibly expose sensitive information (kernel memory).
(CVE-2020-10732)
It was discovered that the Linux kernel did not correctly apply Speculative
Store Bypass Disable (SSBD) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10766)
It was discovered that the Linux kernel did not correctly apply Indirect
Branch Predictor Barrier (IBPB) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10767)
It was discovered that the Linux kernel could incorrectly enable Indirect
Branch Speculation after it has been disabled for a process via a prctl()
call. A local attacker could possibly use this to expose sensitive
information. (CVE-2020-10768)
Mauricio Faria de Oliveira discovered that the aufs implementation in the
Linux kernel improperly managed inode reference counts in the
vfsub_dentry_open() method. A local attacker could use this vulnerability
to cause a denial of service. (CVE-2020-11935)
It was discovered that the Virtual Terminal keyboard driver in the Linux
kernel contained an integer overflow. A local attacker could possibly use
this to have an unspecified impact. (CVE-2020-13974)
It was discovered that the efi subsystem in the Linux kernel did not handle
memory allocation failures during early boot in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-12380)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1077-kvm | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-buildinfo-4.4.0-1077-kvm | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-cloud-tools-4.4.0-1077-kvm | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-headers-4.4.0-1077-kvm | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1077-kvm-dbgsym | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-cloud-tools-4.4.0-1077 | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-headers-4.4.0-1077 | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-tools-4.4.0-1077 | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-modules-4.4.0-1077-kvm | < 4.4.0-1077.84 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-tools-4.4.0-1077-kvm | < 4.4.0-1077.84 | UNKNOWN |
ubuntu.com/security/CVE-2019-12380
ubuntu.com/security/CVE-2019-19947
ubuntu.com/security/CVE-2019-20810
ubuntu.com/security/CVE-2019-20908
ubuntu.com/security/CVE-2020-10732
ubuntu.com/security/CVE-2020-10766
ubuntu.com/security/CVE-2020-10767
ubuntu.com/security/CVE-2020-10768
ubuntu.com/security/CVE-2020-11935
ubuntu.com/security/CVE-2020-13974
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.9%