Lucene search

Veracode Vulnerability DatabaseVERACODE:25978

HistoryJul 30, 2020 - 2:02 a.m.

Arbitrary Code Execution

2020-07-3002:02:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

kernel

arbitrary code execution

usb device

EPSS

0.002

Percentile

56.7%

JSON

kernel is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver.

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

www.openwall.com/lists/oss-security/2019/12/03/4

access.redhat.com/errata/RHSA-2020:3221

access.redhat.com/security/updates/classification/#important

access.redhat.com/security/vulnerabilities/grub2bootloader

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d4472d7bec39917b54e4e80245784ea5d60ce49

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9c09b214f30e3c11f9b0b03f89442df03643794d

lists.debian.org/debian-lts-announce/2020/01/msg00013.html

lists.debian.org/debian-lts-announce/2020/03/msg00001.html

EPSS

0.002

Percentile

56.7%

JSON

Related for VERACODE:25978