Multiple vulnerabilities in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-11668 CVE-2020-11608 CVE-2020-11609 |
| CWE-ID | CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated 25.05.2020
Added vulnerabilities #2-3
1) NULL pointer dereference
EUVDB-ID: #VU27875
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11668
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the drivers/media/usb/gspca/xirlink_cit.c in Xirlink camera USB driver. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: 5.6
External linkshttp://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
http://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
http://security.netapp.com/advisory/ntap-20200430-0004/
http://usn.ubuntu.com/4345-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU28220
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11608
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in "drivers/media/usb/gspca/ov519.c" file in "ov511_mode_init_regs and ov518_mode_init_regs". A remote authenticated attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.6
External linkshttp://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30
http://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30
http://security.netapp.com/advisory/ntap-20200430-0004/
http://usn.ubuntu.com/4345-1/
http://usn.ubuntu.com/4364-1/
http://usn.ubuntu.com/4368-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU28221
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11609
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the stv06xx subsystem in the "drivers/media/usb/gspca/stv06xx/stv06xx.c" and "drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c" files. A remote authenticated attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.6
External linkshttp://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205
http://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205
http://security.netapp.com/advisory/ntap-20200430-0004/
http://usn.ubuntu.com/4345-1/
http://usn.ubuntu.com/4364-1/
http://usn.ubuntu.com/4368-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
