Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-14356 (GCVE-0-2020-14356)
Vulnerability from cvelistv5 – Published: 2020-08-19 14:37 – Updated: 2024-08-04 12:39
VLAI?
EPSS
Summary
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"name": "openSUSE-SU-2020:1236",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"name": "USN-4484-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kernel versions before 5.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-31T17:06:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"name": "openSUSE-SU-2020:1236",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"name": "USN-4484-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Kernel versions before 5.7.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=208003",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"name": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/",
"refsource": "MISC",
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"name": "openSUSE-SU-2020:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200904-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"name": "USN-4484-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"name": "USN-4483-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4526-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14356",
"datePublished": "2020-08-19T14:37:50.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:39:36.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14356
Vulnerability from fstec - Published: 07.07.2020
VLAI Severity ?
Title
Уязвимость подсистемы cgroupv2 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Description
Уязвимость подсистемы cgroupv2 ядра операционной системы Linux связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity ?
Vendor
Сообщество свободного программного обеспечения, Canonical Ltd., Novell Inc., ООО «Открытая мобильная платформа»
Software Name
Debian GNU/Linux, Ubuntu, OpenSUSE Leap, Linux, ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), 16.04 ESM (Ubuntu), от 5.5 до 5.7.9 включительно (Linux), 3.2.3.10 (ОС Аврора), от 4.5 до 4.9.230 включительно (Linux), от 4.10 до 4.14.188 включительно (Linux), от 4.15 до 4.19.133 включительно (Linux), от 4.20 до 5.4.52 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.189
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.231
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.53
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-14356
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2020-14356
Для Ubuntu:
https://ubuntu.com/security/notices/USN-4483-1
https://ubuntu.com/security/notices/USN-4484-1
https://ubuntu.com/security/notices/USN-4526-1
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RZBOHACFHPZE53IZN4OJDZ5XKOOT76WT/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/
Для ОС Аврора:
https://cve.omprussia.ru/bb6323
Reference
http://blog.pi3.com.pl/?p=720
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
https://access.redhat.com/security/cve/CVE-2020-14356
https://bugs.debian.org/966846
https://bugzilla.kernel.org/show_bug.cgi?id=208003
https://bugzilla.redhat.com/show_bug.cgi?id=1868453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14356
https://cve.omprussia.ru/bb6323
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.189
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.231
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.53
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RZBOHACFHPZE53IZN4OJDZ5XKOOT76WT/
https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/
https://security.netapp.com/advisory/ntap-20200904-0002/
https://security-tracker.debian.org/tracker/CVE-2020-14356
https://ubuntu.com/security/notices/USN-4483-1
https://ubuntu.com/security/notices/USN-4484-1
https://ubuntu.com/security/notices/USN-4526-1
https://usn.ubuntu.com/4483-1/
https://usn.ubuntu.com/4484-1/
https://usn.ubuntu.com/4526-1/
https://usn.ubuntu.com/usn/usn-4483-1
https://usn.ubuntu.com/usn/usn-4484-1
https://usn.ubuntu.com/usn/usn-4526-1
https://www.cve.org/CVERecord?id=CVE-2020-14356
CWE
CWE-476
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Novell Inc., \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), 16.04 ESM (Ubuntu), \u043e\u0442 5.5 \u0434\u043e 5.7.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 3.2.3.10 (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430), \u043e\u0442 4.5 \u0434\u043e 4.9.230 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.188 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.133 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.52 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.189\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.231\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.53\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-14356\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-14356\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4483-1\nhttps://ubuntu.com/security/notices/USN-4484-1\nhttps://ubuntu.com/security/notices/USN-4526-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RZBOHACFHPZE53IZN4OJDZ5XKOOT76WT/\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430:\nhttps://cve.omprussia.ru/bb6323",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.07.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03189",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-14356",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, OpenSUSE Leap, Linux, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Novell Inc. OpenSUSE Leap 15.2 , Canonical Ltd. Ubuntu 16.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.7.10 , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.3.10 F+ Life Tab Plus (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b cgroupv2 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b cgroupv2 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://blog.pi3.com.pl/?p=720\nhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html\nhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html\nhttps://access.redhat.com/security/cve/CVE-2020-14356\nhttps://bugs.debian.org/966846\nhttps://bugzilla.kernel.org/show_bug.cgi?id=208003\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1868453\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14356\nhttps://cve.omprussia.ru/bb6323\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.189\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.231\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.53\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10\nhttps://lists.debian.org/debian-lts-announce/2020/09/msg00025.html\nhttps://lists.debian.org/debian-lts-announce/2020/10/msg00032.html\nhttps://lists.debian.org/debian-lts-announce/2020/10/msg00034.html\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RZBOHACFHPZE53IZN4OJDZ5XKOOT76WT/\nhttps://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/\nhttps://security.netapp.com/advisory/ntap-20200904-0002/\nhttps://security-tracker.debian.org/tracker/CVE-2020-14356\nhttps://ubuntu.com/security/notices/USN-4483-1\nhttps://ubuntu.com/security/notices/USN-4484-1\nhttps://ubuntu.com/security/notices/USN-4526-1\nhttps://usn.ubuntu.com/4483-1/\nhttps://usn.ubuntu.com/4484-1/\nhttps://usn.ubuntu.com/4526-1/\nhttps://usn.ubuntu.com/usn/usn-4483-1\nhttps://usn.ubuntu.com/usn/usn-4484-1\nhttps://usn.ubuntu.com/usn/usn-4526-1\nhttps://www.cve.org/CVERecord?id=CVE-2020-14356",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
CERTFR-2020-AVI-568
Vulnerability from certfr_avis - Published: 2020-09-11 - Updated: 2020-09-11
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Enterprise Storage 5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | N/A | HPE Helion Openstack 8 | ||
| SUSE | N/A | SUSE OpenStack Cloud 8 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 8 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "HPE Helion Openstack 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0305"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-11T00:00:00",
"last_revision_date": "2020-09-11T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-568",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202582-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202582-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202605-1 du 11 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202605-1/"
}
]
}
CERTFR-2020-AVI-614
Vulnerability from certfr_avis - Published: 2020-10-02 - Updated: 2020-10-02
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 9 stretch versions ant\u00e9rieures \u00e0 4.19.146-1~deb9u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-10781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10781"
},
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-14390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
},
{
"name": "CVE-2020-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
},
{
"name": "CVE-2019-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3874"
},
{
"name": "CVE-2020-25284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25284"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-26088",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26088"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-19816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19816"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2019-19448",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19448"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2019-19813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19813"
},
{
"name": "CVE-2020-25641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25641"
}
],
"initial_release_date": "2020-10-02T00:00:00",
"last_revision_date": "2020-10-02T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-614",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2385 du 28 septembre 2020",
"url": "https://www.debian.org/lts/security/2020/dla-2385"
}
]
}
CERTFR-2020-AVI-548
Vulnerability from certfr_avis - Published: 2020-09-07 - Updated: 2020-09-07
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-18680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18680"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-14814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14814"
},
{
"name": "CVE-2019-14815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14815"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-15780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15780"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-15117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15117"
}
],
"initial_release_date": "2020-09-07T00:00:00",
"last_revision_date": "2020-09-07T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-548",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202491-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202491-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202524-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202524-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202537-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202537-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202515-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202515-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202525-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202525-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202502-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202502-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202506-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202506-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202526-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202526-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202517-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202517-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202497-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202497-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202540-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202540-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202508-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202508-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202498-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202498-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202534-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202534-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202541-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202541-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202507-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202507-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202531-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202531-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202513-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202513-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202505-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202505-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202509-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202509-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202492-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202492-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202499-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202499-1/"
}
]
}
CERTFR-2020-AVI-585
Vulnerability from certfr_avis - Published: 2020-09-22 - Updated: 2020-09-22
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ubuntu | Ubuntu | Ubuntu 16.04 pour Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud | ||
| Ubuntu | Ubuntu | Ubuntu 14.04 ESM pour Raspberry PI v8 pour les processeurs Qualcomm SnapDragon | ||
| Ubuntu | Ubuntu | Ubuntu 18.04 pour Raspberry PI v8 pour les processeurs Qualcomm SnapDragon | ||
| Ubuntu | Ubuntu | Ubuntu 18.04 version HWE et OEM | ||
| Ubuntu | Ubuntu | Ubuntu 20.04 pour Microsoft Azure, Google Cloud, Oracle Cloud | ||
| Ubuntu | Ubuntu | Ubuntu 20.04 | ||
| Ubuntu | Ubuntu | Ubuntu 16.04 | ||
| Ubuntu | Ubuntu | Ubuntu 14.04 ESM pour Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud | ||
| Ubuntu | Ubuntu | Ubuntu 18.04 | ||
| Ubuntu | Ubuntu | Ubuntu 14.04 ESM | ||
| Ubuntu | Ubuntu | Ubuntu 16.04 version HWE, HWE Xenial pour Trusty et OEM | ||
| Ubuntu | Ubuntu | Ubuntu 18.04 pour Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud | ||
| Ubuntu | Ubuntu | Ubuntu 16.04 pour Raspberry PI v8 pour les processeurs Qualcomm SnapDragon | ||
| Ubuntu | Ubuntu | Ubuntu 14.04 ESM version HWE, HWE Xenial pour Trusty et OEM |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 pour Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM pour Raspberry PI v8 pour les processeurs Qualcomm SnapDragon",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 pour Raspberry PI v8 pour les processeurs Qualcomm SnapDragon",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 version HWE et OEM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 pour Microsoft Azure, Google Cloud, Oracle Cloud",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM pour Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04 version HWE, HWE Xenial pour Trusty et OEM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 pour Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04 pour Raspberry PI v8 pour les processeurs Qualcomm SnapDragon",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM version HWE, HWE Xenial pour Trusty et OEM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0067"
},
{
"name": "CVE-2019-19061",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19061"
},
{
"name": "CVE-2019-19073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19073"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2019-9453",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9453"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-9445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9445"
},
{
"name": "CVE-2019-19067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19067"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19054"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2019-19074",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19074"
}
],
"initial_release_date": "2020-09-22T00:00:00",
"last_revision_date": "2020-09-22T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4527-1 du 22 septembre 2020",
"url": "https://ubuntu.com/security/notices/USN-4527-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4525-1 du 21 septembre 2020",
"url": "https://ubuntu.com/security/notices/USN-4525-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4526-1 du 22 septembre 2020",
"url": "https://ubuntu.com/security/notices/USN-4526-1"
}
]
}
CERTFR-2020-AVI-553
Vulnerability from certfr_avis - Published: 2020-09-09 - Updated: 2020-09-09
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-09T00:00:00",
"last_revision_date": "2020-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-553",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202576-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202576-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202574-1 du 08 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202574-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202575-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202575-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202579-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202579-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202577-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202577-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202580-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202578-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202578-1 du 09 septembre 2020",
"url": null
}
]
}
CERTFR-2020-AVI-574
Vulnerability from certfr_avis - Published: 2020-09-16 - Updated: 2020-09-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-16T00:00:00",
"last_revision_date": "2020-09-16T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-574",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:2623-1 du 14 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202623-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:2631-1 du 14 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202631-1/"
}
]
}
CERTFR-2020-AVI-699
Vulnerability from certfr_avis - Published: 2020-11-02 - Updated: 2020-11-02
De multiples vulnérabilités ont été découvertes dans Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 9 Stretch versions ant\u00e9rieures \u00e0 4.9.240-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-14390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
},
{
"name": "CVE-2020-12771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12771"
},
{
"name": "CVE-2020-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
},
{
"name": "CVE-2020-12351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12351"
},
{
"name": "CVE-2020-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25220"
},
{
"name": "CVE-2020-15393",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15393"
},
{
"name": "CVE-2019-19073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19073"
},
{
"name": "CVE-2020-25284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25284"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-26088",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26088"
},
{
"name": "CVE-2020-12655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12655"
},
{
"name": "CVE-2020-24490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24490"
},
{
"name": "CVE-2020-12352",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12352"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-9445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9445"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2019-19448",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19448"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2019-19074",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19074"
},
{
"name": "CVE-2020-25641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25641"
}
],
"initial_release_date": "2020-11-02T00:00:00",
"last_revision_date": "2020-11-02T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-699",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Debian LTS.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Debian LTS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2420 du 30 octobre 2020",
"url": "https://www.debian.org/lts/security/2020/dla-2420"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2417-1 du 28 octobre 2020",
"url": "https://www.debian.org/lts/security/2020/dla-2417"
}
]
}
CERTFR-2020-AVI-547
Vulnerability from certfr_avis - Published: 2020-09-04 - Updated: 2020-09-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-10781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10781"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-12464",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12464"
},
{
"name": "CVE-2020-11669",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11669"
},
{
"name": "CVE-2018-1000199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000199"
},
{
"name": "CVE-2020-12771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12771"
},
{
"name": "CVE-2020-12114",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12114"
},
{
"name": "CVE-2020-10711",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10711"
},
{
"name": "CVE-2020-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12652"
},
{
"name": "CVE-2020-12659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12659"
},
{
"name": "CVE-2020-15393",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15393"
},
{
"name": "CVE-2020-14416",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14416"
},
{
"name": "CVE-2019-9455",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9455"
},
{
"name": "CVE-2019-19462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19462"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2019-20806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20806"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-13974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13974"
},
{
"name": "CVE-2020-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10767"
},
{
"name": "CVE-2020-12655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12655"
},
{
"name": "CVE-2020-12769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12769"
},
{
"name": "CVE-2020-13143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13143"
},
{
"name": "CVE-2020-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0305"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2019-20812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20812"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-15780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15780"
},
{
"name": "CVE-2020-12657",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12657"
},
{
"name": "CVE-2020-12656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12656"
},
{
"name": "CVE-2019-20908",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20908"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10720"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"name": "CVE-2020-10766",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10766"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2020-10773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10773"
},
{
"name": "CVE-2019-20810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20810"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
}
],
"initial_release_date": "2020-09-04T00:00:00",
"last_revision_date": "2020-09-04T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-547",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202478-1 du 03 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202478-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202485-1 du 03 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202485-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202487-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202487-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202486-1 du 03 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202486-1/"
}
]
}
CERTFR-2020-AVI-570
Vulnerability from certfr_avis - Published: 2020-09-14 - Updated: 2020-09-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-14T00:00:00",
"last_revision_date": "2020-09-14T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
}
],
"reference": "CERTFR-2020-AVI-570",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": []
}
FKIE_CVE-2020-14356
Vulnerability from fkie_nvd - Published: 2020-08-19 15:15 - Updated: 2024-11-21 05:03
Severity ?
Summary
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.kernel.org/show_bug.cgi?id=208003 | Exploit, Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1868453 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/ | Exploit, Vendor Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20200904-0002/ | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/4483-1/ | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/4484-1/ | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/4526-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.kernel.org/show_bug.cgi?id=208003 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1868453 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200904-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4483-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4484-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4526-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 8.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | solidfire_baseboard_management_controller_firmware | - | |
| netapp | solidfire_baseboard_management_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898BAD2B-67FD-4E9E-8E97-CA80FA2F6971",
"versionEndExcluding": "4.9.231",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C87CF4-1717-41B1-8BE3-2D677ACE8AE2",
"versionEndExcluding": "4.14.189",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A10AF7-AE19-46A7-A351-2A522DC88D47",
"versionEndExcluding": "4.19.134",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCF6FFA-03B0-4A3C-B124-914BAA27E64D",
"versionEndExcluding": "5.4.53",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "909E6366-17F8-49BD-B4B8-1F9A9F4F339D",
"versionEndExcluding": "5.7.10",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system."
},
{
"lang": "es",
"value": "Se detect\u00f3 un fallo de desreferencia de puntero null en el subsistema cgroupv2 del kernel de Linux en versiones anteriores a 5.7.10, en la manera de reiniciar el sistema. Un usuario local podr\u00eda usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema."
}
],
"id": "CVE-2020-14356",
"lastModified": "2024-11-21T05:03:05.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-19T15:15:12.060",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-14356
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-14356",
"description": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.",
"id": "GSD-2020-14356",
"references": [
"https://www.suse.com/security/cve/CVE-2020-14356.html",
"https://access.redhat.com/errata/RHSA-2021:1739",
"https://access.redhat.com/errata/RHSA-2021:1578",
"https://ubuntu.com/security/CVE-2020-14356",
"https://linux.oracle.com/cve/CVE-2020-14356.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14356"
],
"details": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.",
"id": "GSD-2020-14356",
"modified": "2023-12-13T01:21:59.795357Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Kernel versions before 5.7.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=208003",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"name": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/",
"refsource": "MISC",
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"name": "openSUSE-SU-2020:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200904-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"name": "USN-4484-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"name": "USN-4483-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4526-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.231",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.189",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.19.134",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.53",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.7.10",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14356"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=208003",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"name": "openSUSE-SU-2020:1236",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200904-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0002/"
},
{
"name": "USN-4484-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4484-1/"
},
{
"name": "USN-4483-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4526-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-24T18:42Z",
"publishedDate": "2020-08-19T15:15Z"
}
}
}
GHSA-GM74-X573-MG64
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-11-18 21:30
VLAI?
Details
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-14356"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-19T15:15:00Z",
"severity": "HIGH"
},
"details": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.",
"id": "GHSA-gm74-x573-mg64",
"modified": "2022-11-18T21:30:18Z",
"published": "2022-05-24T17:26:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14356"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=208003"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200904-0002"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4483-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4484-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4526-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2020-14356
Vulnerability from osv_almalinux
Published
2021-05-18 05:33
Modified
2021-08-11 08:54
Summary
Important: kernel security, bug fix, and enhancement update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
-
kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)
-
kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)
-
kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
-
kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)
-
kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
-
kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)
-
kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
-
kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)
-
kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
-
kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
-
kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
-
kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)
-
kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)
-
kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)
-
kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
-
kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
-
kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)
-
kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
-
kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)
-
kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)
-
kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)
-
kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-305.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent (CVE-2020-35508)\n\n* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\n* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:1578",
"modified": "2021-08-11T08:54:00Z",
"published": "2021-05-18T05:33:57Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-18811"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19523"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19528"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-0431"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-11608"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12114"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12362"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12363"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12364"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-14314"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-14356"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-15437"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-24394"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25212"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25284"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25285"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25643"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25704"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27786"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27835"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-28974"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-35508"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36322"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-0342"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-0605"
}
],
"related": [
"CVE-2020-12362",
"CVE-2019-18811",
"CVE-2019-19523",
"CVE-2019-19528",
"CVE-2020-0431",
"CVE-2020-12114",
"CVE-2020-12464",
"CVE-2020-14314",
"CVE-2020-14356",
"CVE-2020-15437",
"CVE-2020-24394",
"CVE-2020-25212",
"CVE-2020-25284",
"CVE-2020-25285",
"CVE-2020-25643",
"CVE-2020-25704",
"CVE-2020-27786",
"CVE-2020-27835",
"CVE-2020-28974",
"CVE-2020-35508",
"CVE-2020-36322",
"CVE-2021-0342",
"CVE-2020-11608"
],
"summary": "Important: kernel security, bug fix, and enhancement update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…