Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-14390 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645

A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390) A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system. (CVE-2020-25284) A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643) A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)

Source

ALAS2-2020-1520

Amazon Linux 2 Security Advisory: ALAS-2020-1520
Advisory Release Date: 2020-10-22 18:07 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific

Severity: Important

References: CVE-2020-14390 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645

Issue Overview:

A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)

A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system. (CVE-2020-25284)

A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)

A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-4.14.200-155.322.amzn2.aarch64
    kernel-headers-4.14.200-155.322.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.200-155.322.amzn2.aarch64
    perf-4.14.200-155.322.amzn2.aarch64
    perf-debuginfo-4.14.200-155.322.amzn2.aarch64
    python-perf-4.14.200-155.322.amzn2.aarch64
    python-perf-debuginfo-4.14.200-155.322.amzn2.aarch64
    kernel-tools-4.14.200-155.322.amzn2.aarch64
    kernel-tools-devel-4.14.200-155.322.amzn2.aarch64
    kernel-tools-debuginfo-4.14.200-155.322.amzn2.aarch64
    kernel-devel-4.14.200-155.322.amzn2.aarch64
    kernel-debuginfo-4.14.200-155.322.amzn2.aarch64

i686:
    kernel-headers-4.14.200-155.322.amzn2.i686

src:
    kernel-4.14.200-155.322.amzn2.src

x86_64:
    kernel-4.14.200-155.322.amzn2.x86_64
    kernel-headers-4.14.200-155.322.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.200-155.322.amzn2.x86_64
    perf-4.14.200-155.322.amzn2.x86_64
    perf-debuginfo-4.14.200-155.322.amzn2.x86_64
    python-perf-4.14.200-155.322.amzn2.x86_64
    python-perf-debuginfo-4.14.200-155.322.amzn2.x86_64
    kernel-tools-4.14.200-155.322.amzn2.x86_64
    kernel-tools-devel-4.14.200-155.322.amzn2.x86_64
    kernel-tools-debuginfo-4.14.200-155.322.amzn2.x86_64
    kernel-devel-4.14.200-155.322.amzn2.x86_64
    kernel-debuginfo-4.14.200-155.322.amzn2.x86_64
    kernel-livepatch-4.14.200-155.322-1.0-0.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2020-1520

ALAS2-2020-1520

Vulmon Search

About

Products

Connect