Published: 26/05/2021 Updated: 12/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

It exists that the aufs file system in the Linux kernel did not properly maintain POSIX ACL xattr data, when mounted with the non-default allow_userns option. A local attacker could possibly use this to gain elevated privileges. (CVE-2016-2854) ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
fedoraproject fedora 32
fedoraproject fedora 33
fedoraproject fedora 34
netapp cloud backup -
netapp active iq unified manager -
netapp solidfire_baseboard_management_controller_firmware -
netapp h410c_firmware -
netapp h300s_firmware -
netapp h500s_firmware -
netapp h700s_firmware -
netapp h300e_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h410s_firmware -
debian debian linux 9.0

Several security issues were fixed in the Linux kernel ...

kernel: refcount leak in llcp_sock_bind() (CVE-2020-25670) kernel: refcount leak in llcp_sock_connect() (CVE-2020-25671) kernel: memory leak in llcp_sock_connect() (CVE-2020-25672) An issue was discovered in the Linux kernel related to mm/gupc and mm/huge_memoryc The get_user_pages (aka gup) implementation, when used for a copy-on-write page, do ...

A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind() function This flaw allows a local user to crash or escalate their privileges on the system (CVE-2020-25670) A use-after-free flaw was found in the Linux kernel's NFC LLCP p ...

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_bufferc in the Linux kernel before 539 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (CVE-2019-19060) A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel The code in the kernel/bpf/verifier ...

A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind() function This flaw allows a local user to crash or escalate their privileges on the system (CVE-2020-25670) A use-after-free flaw was found in the Linux kernel's NFC LLCP p ...

CWE-416 http://www.openwall.com/lists/oss-security/2020/11/01/1 http://www.openwall.com/lists/oss-security/2021/05/11/4 https://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://security.netapp.com/advisory/ntap-20210702-0008/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5343-1

CVE-2020-25670

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect