USN-4657-1: Linux kernel vulnerabilities<\/p>\n
Elena Petrova discovered that the pin controller device tree implementation
\nin the Linux kernel did not properly handle string references. A local
\nattacker could use this to expose sensitive information (kernel memory).
\n(CVE-2020-0427)<\/p>\n
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
\nthat legacy pairing and secure-connections pairing authentication in the
\nBluetooth protocol could allow an unauthenticated user to complete
\nauthentication without pairing credentials via adjacent access. A
\nphysically proximate attacker could use this to impersonate a previously
\npaired Bluetooth device. (CVE-2020-10135)<\/p>\n
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
\nkernel did not properly initialize memory in some situations. A physically
\nproximate remote attacker could use this to expose sensitive information
\n(kernel memory). (CVE-2020-12352)<\/p>\n
It was discovered that a race condition existed in the perf subsystem of
\nthe Linux kernel, leading to a use-after-free vulnerability. An attacker
\nwith access to the perf subsystem could use this to cause a denial of
\nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)<\/p>\n
It was discovered that the frame buffer implementation in the Linux kernel
\ndid not properly handle some edge cases in software scrollback. A local
\nattacker could use this to cause a denial of service (system crash) or
\npossibly execute arbitrary code. (CVE-2020-14390)<\/p>\n
It was discovered that the netfilter connection tracker for netlink in the
\nLinux kernel did not properly perform bounds checking in some situations. A
\nlocal attacker could use this to cause a denial of service (system crash).
\n(CVE-2020-25211)<\/p>\n
It was discovered that the Rados block device (rbd) driver in the Linux
\nkernel did not properly perform privilege checks for access to rbd devices
\nin some situations. A local attacker could use this to map or unmap rbd
\nblock devices. (CVE-2020-25284)<\/p>\n
It was discovered that the HDLC PPP implementation in the Linux kernel did
\nnot properly validate input in some situations. A local attacker could use
\nthis to cause a denial of service (system crash) or possibly execute
\narbitrary code. (CVE-2020-25643)<\/p>\n
It was discovered that the GENEVE tunnel implementation in the Linux kernel
\nwhen combined with IPSec did not properly select IP routes in some
\nsituations. An attacker could use this to expose sensitive information
\n(unencrypted network traffic). (CVE-2020-25645)<\/p>\n
Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
\ncould be used to assist in scanning open UDP ports. A remote attacker could
\nuse to facilitate attacks on UDP based services that depend on source port
\nrandomization. (CVE-2020-25705)<\/p>\n
It was discovered that the framebuffer implementation in the Linux kernel
\ndid not properly perform range checks in certain situations. A local
\nattacker could use this to expose sensitive information (kernel memory).
\n(CVE-2020-28915)<\/p>\n
It was discovered that Power 9 processors could be coerced to expose USN-4657-1: Linux kernel vulnerabilities Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-39623","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/39623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=39623"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/39623\/revisions"}],"predecessor-version":[{"id":39624,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/39623\/revisions\/39624"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=39623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=39623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=39623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\ninformation from the L1 cache in certain situations. A local attacker could
\nuse this to expose sensitive information. (CVE-2020-4788)
\nSource: USN-4657-1: Linux kernel vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"