what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2020-27170

Status Candidate

Overview

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

Related Files

Red Hat Security Advisory 2021-2316-01
Posted Jun 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2316-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include integer overflow, null pointer, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-27170, CVE-2020-8648, CVE-2021-3347
SHA-256 | da329e84b8a2493bc5902ca7fbabf7a1154e94c0edc2a8854051da5de179d463
Download | Favorite | View
Red Hat Security Advisory 2021-2314-01
Posted Jun 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2314-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include integer overflow, null pointer, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-27170, CVE-2020-8648, CVE-2021-3347
SHA-256 | 79e4b14a55ff6019bd546df5f3f2edbb10c04d16a4a1d857ef855c0e9b2df54c
Download | Favorite | View
Kernel Live Patch Security Notice LSN-0075-1
Posted Apr 7, 2021
Authored by Benjamin M. Romer

Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2020-27170, CVE-2020-27171, CVE-2020-29372, CVE-2020-29374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3444
SHA-256 | 469cc31bae7443b09e56a62b4aac4c6a731592910bda9c7097efee0cfc5ebb11
Download | Favorite | View
Ubuntu Security Notice USN-4890-1
Posted Mar 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4890-1 - Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27170, CVE-2020-27171
SHA-256 | b25993fe5d12873c32c2eaf455cfa3c641110f1b5ba08a35d185354f593c26a3
Download | Favorite | View
Ubuntu Security Notice USN-4887-1
Posted Mar 24, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4887-1 - De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information or possibly execute arbitrary code. Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27170, CVE-2020-27171, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3444
SHA-256 | 9a06c7465cb26d1b56d2a8903cc4d503a19d30e3db18b40322b2ce482b14f4f4
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close