Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-191
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
Title | Publication Time | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Ubuntu 16.04 LTS", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 19.10", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 18.04 LTS", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 14.04 ESM", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-8992", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8992" }, { "name": "CVE-2019-19046", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046" }, { "name": "CVE-2020-8428", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8428" }, { "name": "CVE-2020-8834", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8834" } ], "initial_release_date": "2020-04-07T00:00:00", "last_revision_date": "2020-04-08T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-191", "revisions": [ { "description": "Version initiale", "revision_date": "2020-04-07T00:00:00.000000" }, { "description": "Ajout des avis de s\u00e9curit\u00e9 Ubuntu USN-4324-1 et USN-4325-1 du 07 avril 2020.", "revision_date": "2020-04-08T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4325-1 du 07 avril 2020", "url": "https://usn.ubuntu.com/4325-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4318-1 du 06 avril 2020", "url": "https://usn.ubuntu.com/4318-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4319-1 du 06 avril 2020", "url": "https://usn.ubuntu.com/4319-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4320-1 du 06 avril 2020", "url": "https://usn.ubuntu.com/4320-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4324-1 du 07 avril 2020", "url": "https://usn.ubuntu.com/4324-1/" } ] }
CVE-2020-8834 (GCVE-0-2020-8834)
Vulnerability from cvelistv5
Published
2020-04-09 22:10
Modified
2024-09-16 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file")
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux kernel | Linux kernel |
Version: 4.8 < unspecified Version: unspecified < 4.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:10.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/04/06/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://usn.ubuntu.com/usn/usn-4318-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717" }, { "name": "USN-4318-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "openSUSE-SU-2020:0543", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "PPC Power8" ], "product": "Linux kernel", "vendor": "Linux kernel", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "4.8", "versionType": "custom" }, { "lessThan": "4.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Gustavo Romero" }, { "lang": "en", "value": "Paul Mackerras" } ], "datePublic": "2020-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (\"KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures\") 87a11bb6a7f7 (\"KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode\") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it\u0027s believed the first is the only strictly necessary commit: 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\") 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\") 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-368", "description": "CWE-368", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-23T15:06:26", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/04/06/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://usn.ubuntu.com/usn/usn-4318-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717" }, { "name": "USN-4318-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "openSUSE-SU-2020:0543", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html" } ], "solutions": [ { "lang": "en", "value": "Apply the following three Linux kernel commits, though possibly only the first commit is strictly necessary: \n \n 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\")\n 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\")\n 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")" } ], "source": { "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717" ], "discovery": "EXTERNAL" }, "title": "Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-04-06T16:00:00.000Z", "ID": "CVE-2020-8834", "STATE": "PUBLIC", "TITLE": "Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "platform": "PPC Power8", "version_affected": "\u003e=", "version_value": "4.8" }, { "platform": "PPC Power8", "version_affected": "\u003c", "version_value": "4.18" } ] } } ] }, "vendor_name": "Linux kernel" } ] } }, "credit": [ { "lang": "eng", "value": "Gustavo Romero" }, { "lang": "eng", "value": "Paul Mackerras" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (\"KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures\") 87a11bb6a7f7 (\"KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode\") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it\u0027s believed the first is the only strictly necessary commit: 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\") 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\") 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-368" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2020/04/06/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/04/06/2" }, { "name": "https://usn.ubuntu.com/usn/usn-4318-1", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4318-1" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717" }, { "name": "USN-4318-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "openSUSE-SU-2020:0543", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html" } ] }, "solution": [ { "lang": "en", "value": "Apply the following three Linux kernel commits, though possibly only the first commit is strictly necessary: \n \n 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\")\n 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\")\n 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")" } ], "source": { "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-8834", "datePublished": "2020-04-09T22:10:14.975025Z", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-09-16T22:03:01.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8992 (GCVE-0-2020-8992)
Vulnerability from cvelistv5
Published
2020-02-14 04:27
Modified
2024-08-04 10:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:19:18.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://patchwork.ozlabs.org/patch/1236118/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" }, { "name": "openSUSE-SU-2020:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" }, { "name": "USN-4318-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "USN-4324-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4324-1/" }, { "name": "USN-4344-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4344-1/" }, { "name": "USN-4342-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4342-1/" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4419-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-22T06:06:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://patchwork.ozlabs.org/patch/1236118/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" }, { "name": "openSUSE-SU-2020:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" }, { "name": "USN-4318-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "USN-4324-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4324-1/" }, { "name": "USN-4344-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4344-1/" }, { "name": "USN-4342-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4342-1/" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4419-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8992", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://patchwork.ozlabs.org/patch/1236118/", "refsource": "MISC", "url": "https://patchwork.ozlabs.org/patch/1236118/" }, { "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" }, { "name": "openSUSE-SU-2020:0336", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" }, { "name": "USN-4318-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "USN-4324-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4324-1/" }, { "name": "USN-4344-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4344-1/" }, { "name": "USN-4342-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4342-1/" }, { "name": "USN-4419-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4419-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8992", "datePublished": "2020-02-14T04:27:04", "dateReserved": "2020-02-14T00:00:00", "dateUpdated": "2024-08-04T10:19:18.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-19046 (GCVE-0-2019-19046)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:09:38.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304" }, { "name": "FEDORA-2019-021c968423", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/" }, { "name": "FEDORA-2019-34a75d7e61", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/" }, { "name": "openSUSE-SU-2019:2675", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "name": "USN-4302-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4302-1/" }, { "name": "USN-4325-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4325-1/" }, { "name": "USN-4319-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4319-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-22T18:06:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304" }, { "name": "FEDORA-2019-021c968423", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/" }, { "name": "FEDORA-2019-34a75d7e61", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/" }, { "name": "openSUSE-SU-2019:2675", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "name": "USN-4302-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4302-1/" }, { "name": "USN-4325-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4325-1/" }, { "name": "USN-4319-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4319-1/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157304", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304" }, { "name": "FEDORA-2019-021c968423", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/" }, { "name": "FEDORA-2019-34a75d7e61", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/" }, { "name": "openSUSE-SU-2019:2675", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "name": "USN-4302-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4302-1/" }, { "name": "USN-4325-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4325-1/" }, { "name": "USN-4319-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4319-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19046", "datePublished": "2019-11-18T05:23:42", "dateReserved": "2019-11-18T00:00:00", "dateUpdated": "2024-08-05T02:09:38.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8428 (GCVE-0-2020-8428)
Vulnerability from cvelistv5
Published
2020-01-28 23:43
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/28/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6" }, { "name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/28/4" }, { "name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/02/02/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" }, { "name": "openSUSE-SU-2020:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" }, { "name": "USN-4320-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4320-1/" }, { "name": "USN-4318-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4318-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html" }, { "name": "USN-4324-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4324-1/" }, { "name": "USN-4325-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4325-1/" }, { "name": "USN-4319-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4319-1/" }, { "name": "DSA-4667", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4667" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4698" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-10T19:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/28/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6" }, { "name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/28/4" }, { "name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/02/02/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" }, { "name": "openSUSE-SU-2020:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" }, { "name": "USN-4320-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4320-1/" }, { "name": "USN-4318-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4318-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html" }, { "name": "USN-4324-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4324-1/" }, { "name": "USN-4325-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4325-1/" }, { "name": "USN-4319-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4319-1/" }, { "name": "DSA-4667", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4667" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4698" } ], "source": { "discovery": "INTERNAL" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2020/01/28/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/28/2" }, { "name": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6" }, { "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6" }, { "name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/28/4" }, { "name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/02/02/1" }, { "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" }, { "name": "openSUSE-SU-2020:0336", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" }, { "name": "USN-4320-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4320-1/" }, { "name": "USN-4318-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4318-1/" }, { "name": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html" }, { "name": "USN-4324-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4324-1/" }, { "name": "USN-4325-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4325-1/" }, { "name": "USN-4319-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4319-1/" }, { "name": "DSA-4667", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4667" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "DSA-4698", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4698" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8428", "datePublished": "2020-01-28T23:43:41", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…