CVE-2020-13143

Published: 18/05/2020 Updated: 29/10/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 up to and including 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows malicious users to trigger an out-of-bounds read, aka CID-15753588bcd4.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
opensuse leap 15.1
opensuse leap 15.2
debian debian linux 8.0
debian debian linux 9.0
debian debian linux 10.0
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 19.10
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
netapp cloud backup -
netapp element software -
netapp steelstore cloud integrated storage -
netapp solidfire -
netapp hci management node -
netapp active iq unified manager -
netapp solidfire baseboard management controller firmware -
netapp bootstrap os -
netapp a700s firmware -
netapp h300s firmware -
netapp h500s firmware -
netapp h700s firmware -
netapp h300e firmware -
netapp h500e firmware -
netapp h700e firmware -
netapp h410s firmware -
netapp h410c firmware -
netapp h610c firmware -
netapp h610s firmware -
netapp h615c firmware -

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibl ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled This could lead to di ...

A NULL pointer dereference flaw may occur in the Linux kernel's relay_open in kernel/relayc if the alloc_percpu() function is not validated in time of failure and used as a valid address for access An attacker could use this flaw to cause a denial of service (CVE-2019-19462) A new domain bypass transient execution attack known as Special Regist ...

CWE-125 https://www.spinics.net/lists/linux-usb/msg194331.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f https://security.netapp.com/advisory/ntap-20200608-0001/https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://www.debian.org/security/2020/dsa-4699 https://www.debian.org/security/2020/dsa-4698 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://usn.ubuntu.com/4413-1/https://usn.ubuntu.com/4411-1/https://usn.ubuntu.com/4412-1/https://usn.ubuntu.com/4419-1/https://usn.ubuntu.com/4414-1/https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4698

CVE-2020-13143

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect