---------- Forwarded message ---------
From: benjamin.romer@canonical.com
Date: Oct 15, 2020 1:44AM
It was discovered that the F2FS file system implementation in the Linux
kernel did not properly perform bounds checking on xattrs in some
situations. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2020-0067)
It was discovered that the Serial CAN interface driver in the Linux
kernel did not properly initialize data. A local attacker could use this
to expose sensitive information (kernel memory). (CVE-2020-11494)
Mauricio Faria de Oliveira discovered that the aufs implementation in
the Linux kernel improperly managed inode reference counts in the
vfsub_dentry_open() method. A local attacker could use this
vulnerability to cause a denial of service. (CVE-2020-11935)
Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2020-12114)
Or Cohen discovered that the AF_PACKET implementation in the Linux
kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2020-14386)
Hador Manor discovered that the DCCP protocol implementation in the
Linux kernel improperly handled socket reuse, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-16119)
Giuseppe Scrivano discovered that the overlay file system in the Linux
kernel did not properly perform permission checks in some situations. A
local attacker could possibly use this to bypass intended restrictions
and gain read access to restricted files. (CVE-2020-16120)
References
- CVE-2020-0067
- CVE-2020-11494
- CVE-2020-11935
- CVE-2020-12114
- CVE-2020-14386
- CVE-2020-16119
- CVE-2020-16120
沒有留言:
張貼留言