exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2020-8428

Status Candidate

Overview

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.

Related Files

Debian Security Advisory 4667-1
Posted Apr 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4667-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2020-10942, CVE-2020-11565, CVE-2020-11884, CVE-2020-2732, CVE-2020-8428
SHA-256 | 16323d64ec34cdde8160250d74f386fe52de579ba9ed063c3eb7063b6b8aa960
Kernel Live Patch Security Notice LSN-0065-1
Posted Apr 15, 2020
Authored by Benjamin M. Romer

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2013-1798, CVE-2019-3016, CVE-2020-8428
SHA-256 | ca957b71b70ae09e8f907fcd801c5a9571b9a877407f563e8bd4dc3a7e21def9
Ubuntu Security Notice USN-4324-1
Posted Apr 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4324-1 - Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8428, CVE-2020-8992
SHA-256 | 3354b82b5136c0f1f9db6f7e2c046652c69628e3bd2119247ececc242c70ea9e
Ubuntu Security Notice USN-4325-1
Posted Apr 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4325-1 - It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service. Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-19046, CVE-2020-8428
SHA-256 | 85eb72e52de82594e56321121c22f08f52800814e6fbad38268b1be081f132fd
Ubuntu Security Notice USN-4320-1
Posted Apr 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4320-1 - Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8428
SHA-256 | 1e4eb7a32a0e797aa6719009ac4c340dd14a3f00572ec494464c8e1f6347835b
Ubuntu Security Notice USN-4318-1
Posted Apr 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4318-1 - Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Gustavo Romero and Paul Mackerras discovered that the KVM implementation in the Linux kernel for PowerPC processors did not properly keep guest state separate from host state. A local attacker in a KVM guest could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8428, CVE-2020-8834, CVE-2020-8992
SHA-256 | 86b66a0e16466cfadcf6be3fd2d07b86ec2bbb7652f0c5c35dc6e0c95a9a6ab5
Ubuntu Security Notice USN-4319-1
Posted Apr 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4319-1 - It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service. Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-19046, CVE-2020-8428
SHA-256 | bfdb7c8d747472b153f1f16c7deb8acfb04b4e44ce7b3916a3f11b4f70a10841
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    16 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close