Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-4750-1
HistoryFeb 25, 2021 - 6:31 a.m.

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

2021-02-2506:31:14
Google
osv.dev
13
bodong zhao
shisong qin
jfs file system
speakup screen reader
information leak
xen event processing
race condition
tty subsystem
netfilter subsystem

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)

It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)

Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)

It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)

Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)

Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle filter rules in some situations. A local attacker with the
CAP_NET_ADMIN capability could use this to cause a denial of service.
(CVE-2021-20177)

Related

nessus 40
openvas 20
ubuntu 6
osv 11
cloudfoundry 1
photon 5
debian 4
amazon 2
oraclelinux 7
fedora 2
suse 1
nvd 10
redhatcve 8
ubuntucve 10
cvelist 10
veracode 8
debiancve 10
talos 1
threatpost 2
prion 10
cve 10
cbl_mariner 6
xen 2
freebsd_advisory 1
zdt 1
alpinelinux 2
freebsd 1
cnvd 1
redhat 2
packetstorm 1
virtuozzo 2
mageia 2
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)
2021-03-23 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)
2021-03-23 00:00:00
Debian DSA-4843-1 : linux - security update
2021-02-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4750-1)
2021-02-26 00:00:00
Ubuntu: Security Advisory (USN-4749-1)
2021-02-26 00:00:00
Debian: Security Advisory (DSA-4843-1)
2021-02-03 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-02-25 00:00:00
Linux kernel vulnerabilities
2021-02-25 00:00:00
Linux kernel vulnerabilities
2021-02-25 00:00:00
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2021-02-25 07:05:21
linux-4.19 - security update
2021-02-12 00:00:00
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
2021-02-25 06:21:43
cloudfoundry
cloudfoundry
USN-4749-1: Linux kernel vulnerabilities | Cloud Foundry
2021-03-01 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0182
2021-01-06 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0182
2021-01-06 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0350
2020-12-19 00:00:00
debian
debian
[SECURITY] [DSA 4843-1] linux security update
2021-02-01 14:39:40
[SECURITY] [DSA 4843-1] linux security update
2021-02-01 14:39:40
[SECURITY] [DLA 2557-1] linux-4.19 security update
2021-02-12 19:25:34
amazon
amazon
Important: kernel
2021-01-26 00:11:00
Important: kernel
2021-01-25 23:09:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2021-02-08 00:00:00
Unbreakable Enterprise kernel security update
2021-02-08 00:00:00
Unbreakable Enterprise kernel security update
2021-01-30 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33
2020-12-17 01:25:30
[SECURITY] Fedora 32 Update: kernel-5.9.14-100.fc32
2020-12-17 01:24:41
suse
suse
Security update for the Linux Kernel (important)
2021-02-05 00:00:00
nvd
nvd
CVE-2020-28588
2021-05-10 19:15:08
CVE-2020-27830
2021-05-13 15:15:07
CVE-2020-28941
2020-11-19 19:15:11
redhatcve
redhatcve
CVE-2020-28588
2021-02-25 18:35:40
CVE-2020-27830
2021-01-25 11:53:25
CVE-2020-28941
2020-11-20 14:51:40
ubuntucve
ubuntucve
CVE-2020-27830
2020-12-07 00:00:00
CVE-2020-28588
2020-12-04 00:00:00
CVE-2020-29568
2020-12-15 00:00:00
cvelist
cvelist
CVE-2020-27830
2021-05-13 14:15:34
CVE-2020-28588
2021-05-10 18:54:40
CVE-2020-25669
2021-05-26 11:25:08
veracode
veracode
Information Disclosure
2021-02-26 02:11:07
Denial Of Service (DoS)
2021-02-26 02:11:10
Denial Of Service (DoS)
2021-02-27 01:03:36
debiancve
debiancve
CVE-2020-28588
2021-05-10 19:15:08
CVE-2020-27830
2021-05-13 15:15:07
CVE-2020-28941
2020-11-19 19:15:11
talos
talos
Linux Kernel /proc/pid/syscall information disclosure vulnerability
2020-04-27 00:00:00
threatpost
threatpost
Linux Kernel Bug Opens Door to Wider Cyberattacks
2021-04-27 19:43:51
Critical Linux Kernel Bug Allows Remote Takeover
2021-11-04 15:50:42
prion
prion
Information disclosure
2021-05-10 19:15:00
Design/Logic Flaw
2020-11-19 19:15:00
Design/Logic Flaw
2021-05-13 15:15:00
cve
cve
CVE-2020-28588
2021-05-10 19:15:08
CVE-2020-27830
2021-05-13 15:15:07
CVE-2020-28941
2020-11-19 19:15:11
cbl_mariner
cbl_mariner
CVE-2020-27815 affecting package kernel for versions less than 6.6.29.1-4
2024-06-21 09:32:44
CVE-2020-28941 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
CVE-2020-27815 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
xen
xen
Frontends can trigger OOM in Backends by update a watched path
2020-12-15 12:00:00
Use after free triggered by block frontend in Linux blkback
2020-12-15 12:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-21:02.xenoom
2021-01-29 00:00:00
zdt
zdt
Linux TIOCSPGRP Broken Locking Exploit
2020-12-24 00:00:00
alpinelinux
alpinelinux
CVE-2020-29568
2020-12-15 17:15:14
CVE-2020-29569
2020-12-15 17:15:14
freebsd
freebsd
FreeBSD -- Xen guests can triger backend Out Of Memory
2021-01-29 00:00:00
cnvd
cnvd
Linux kernel buffer overflow vulnerability (CNVD-2021-54398)
2021-07-12 00:00:00
redhat
redhat
(RHSA-2021:1031) Important: kpatch-patch security update
2021-03-30 07:25:15
(RHSA-2021:0940) Important: kpatch-patch security update
2021-03-18 16:02:17
packetstorm
packetstorm
Linux TIOCSPGRP Broken Locking
2020-12-22 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2021-02-15 00:00:00
[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.5
2021-02-05 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-01-15 15:31:01
Updated kernel-linus packages fix security vulnerabilities
2021-01-15 15:31:01

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON
Related for OSV:USN-4750-1
nessus40openvas20ubuntu6osv11cloudfoundry1photon5debian4amazon2oraclelinux7fedora2suse1nvd10redhatcve8ubuntucve10cvelist10veracode8debiancve10talos1threatpost2prion10cve10cbl_mariner6xen2freebsd_advisory1zdt1alpinelinux2freebsd1cnvd1redhat2packetstorm1virtuozzo2mageia2