In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813) A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation. (CVE-2019-19816) This flaw is rated as having Moderate impact, there is a possibility that there is a write, although it is an uncontrolled write in a fixed offset from the current location. Also this issue is in non-default filesystem. (CVE-2020-27815) An issue exists in Xen up to and including 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (<a href=nvd.nist.gov/vuln/detail/CVE%2D2020%2D29568>cve-2020-29568</a>) An issue exists in the Linux kernel up to and including 5.10.1, as used with Xen up to and including 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. (<a href=nvd.nist.gov/vuln/detail/CVE%2D2020%2D29569>cve-2020-29569</a>) A locking inconsistency issue exists in the tty subsystem of the Linux kernel up to and including 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660) A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local malicious user to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 14.04 |
||
debian debian linux 9.0 |
||
netapp steelstore cloud integrated storage - |
||
netapp active iq unified manager |
||
netapp data availability services - |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp aff_a700s_firmware - |
||
netapp fas8300_firmware - |
||
netapp fas8700_firmware - |
||
netapp aff_a400_firmware - |
||
netapp h610s_firmware - |