Main Vulnerability Database SB2020043033

SB2020043033 - Multiple vulnerabilities in Linux kernel

Published: April 30, 2020 Updated: May 25, 2020

Security Bulletin ID SB2020043033

Severity

Low

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2020-11668)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the drivers/media/usb/gspca/xirlink_cit.c in Xirlink camera USB driver. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2020-11608)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in "drivers/media/usb/gspca/ov519.c" file in "ov511_mode_init_regs and ov518_mode_init_regs". A remote authenticated attacker can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2020-11609)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the stv06xx subsystem in the "drivers/media/usb/gspca/stv06xx/stv06xx.c" and "drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c" files. A remote authenticated attacker can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

SB2020043033 - Multiple vulnerabilities in Linux kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human