alsa-2021:1578
Vulnerability from osv_almalinux
Published
2021-05-18 05:33
Modified
2021-08-11 08:54
Summary
Important: kernel security, bug fix, and enhancement update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  • kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)

  • kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)

  • kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)

  • kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)

  • kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)

  • kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)

  • kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

  • kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)

  • kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)

  • kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

  • kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

  • kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)

  • kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)

  • kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

  • kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

  • kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)

  • kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)

  • kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)

  • kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)

  • kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)

  • kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)

  • kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-305.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent (CVE-2020-35508)\n\n* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\n* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:1578",
  "modified": "2021-08-11T08:54:00Z",
  "published": "2021-05-18T05:33:57Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-18811"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-19523"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-19528"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-0431"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11608"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-12114"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-12362"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-12363"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-12364"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-12464"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14314"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14356"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-15437"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24394"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25212"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25284"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25285"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25643"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25704"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-27786"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-27835"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-28974"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-35508"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-36322"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-0342"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-0605"
    }
  ],
  "related": [
    "CVE-2020-12362",
    "CVE-2019-18811",
    "CVE-2019-19523",
    "CVE-2019-19528",
    "CVE-2020-0431",
    "CVE-2020-12114",
    "CVE-2020-12464",
    "CVE-2020-14314",
    "CVE-2020-14356",
    "CVE-2020-15437",
    "CVE-2020-24394",
    "CVE-2020-25212",
    "CVE-2020-25284",
    "CVE-2020-25285",
    "CVE-2020-25643",
    "CVE-2020-25704",
    "CVE-2020-27786",
    "CVE-2020-27835",
    "CVE-2020-28974",
    "CVE-2020-35508",
    "CVE-2020-36322",
    "CVE-2021-0342",
    "CVE-2020-11608"
  ],
  "summary": "Important: kernel security, bug fix, and enhancement update"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.