This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Linux First view 2015-11-16
Product Linux Kernel Last view 2021-01-13
Version 4.9.131 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:linux:linux_kernel

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.1 2021-01-13 CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

6.7 2021-01-05 CVE-2020-36158

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

8.8 2020-12-15 CVE-2020-29569

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

6.7 2020-12-15 CVE-2020-27777

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

7.8 2020-12-09 CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

4.4 2020-12-09 CVE-2020-29660

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

7.8 2020-12-03 CVE-2020-29534

An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.

7.8 2020-12-03 CVE-2020-14381

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.8 2020-12-03 CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

5.5 2020-12-02 CVE-2020-25704

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

4.1 2020-12-02 CVE-2020-25656

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

8.1 2020-12-02 CVE-2020-14305

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7 2020-11-28 CVE-2020-29374

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.

6.5 2020-11-28 CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.

4.7 2020-11-28 CVE-2020-29372

An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.

3.3 2020-11-28 CVE-2020-29371

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.

7 2020-11-28 CVE-2020-29370

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.

7 2020-11-28 CVE-2020-29369

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.

7 2020-11-28 CVE-2020-29368

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

5.3 2020-11-28 CVE-2019-20934

An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.

4.4 2020-11-23 CVE-2020-15437

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.

6.7 2020-11-23 CVE-2020-15436

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

8.8 2020-11-23 CVE-2020-12351

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

5 2020-11-20 CVE-2020-28974

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.

5.5 2020-11-19 CVE-2020-28941

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
14% (88) CWE-416 Use After Free
13% (81) CWE-476 NULL Pointer Dereference
9% (56) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
8% (48) CWE-200 Information Exposure
7% (42) CWE-125 Out-of-bounds Read
6% (39) CWE-787 Out-of-bounds Write
6% (39) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (38) CWE-362 Race Condition
4% (28) CWE-20 Improper Input Validation
3% (20) CWE-190 Integer Overflow or Wraparound
2% (15) CWE-772 Missing Release of Resource after Effective Lifetime
2% (12) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (10) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (9) CWE-269 Improper Privilege Management
1% (8) CWE-415 Double Free
1% (7) CWE-369 Divide By Zero
1% (6) CWE-276 Incorrect Default Permissions
0% (4) CWE-755 Improper Handling of Exceptional Conditions
0% (3) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (3) CWE-667 Insufficient Locking
0% (3) CWE-404 Improper Resource Shutdown or Release
0% (3) CWE-388 Error Handling
0% (3) CWE-129 Improper Validation of Array Index
0% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (2) CWE-770 Allocation of Resources Without Limits or Throttling

Snort® IPS/IDS

Date Description
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56052 - Type : OS-LINUX - Revision : 1
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56051 - Type : OS-LINUX - Revision : 1
2017-11-21 Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt
RuleID : 44638 - Type : PROTOCOL-RPC - Revision : 1
2017-11-21 Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt
RuleID : 44637 - Type : PROTOCOL-RPC - Revision : 1
2017-07-18 Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt
RuleID : 43189 - Type : PROTOCOL-RPC - Revision : 2
2017-07-18 Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt
RuleID : 43188 - Type : PROTOCOL-RPC - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-337484d88b.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-b0f7a7b74b.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-072.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-077.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-085.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-0edb45d9db.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-1621b2204a.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-272cf2f9f4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-2c6bd93875.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-3857a8b41a.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-50075276e8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-5453baa4af.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-5904d0794d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5926c0ffc8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-59e4747e0f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-6e8c330d50.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-8422d94975.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-87ba0312c2.nasl - Type: ACT_GATHER_INFO