SB2020102233 - Slackware Linux update for kernel
Published: October 22, 2020 Updated: April 24, 2025
Description
This security bulletin contains information about 24 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-12351)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the BlueZ implementation in Linux kernel. A remote attacker on the local network can pass specially crafted input to the application and execute arbitrary code on the system.
2) Improper access control (CVE-ID: CVE-2020-12352)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in BlueZ implementation in Linux kernel. A remote attacker on the local network can pass specially crafted input to the application and gain access to sensitive information.
3) Buffer overflow (CVE-ID: CVE-2020-24490)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the BlueZ implementation in the Linux kernel. A remote attacker on the local network can pass specially crafted data to the system and perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2019-20810)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
5) Input validation error (CVE-ID: CVE-2020-12771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock if a coalescing operation fails in "btree_gc_coalesce" in "drivers/md/bcache/btree.c" file. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2020-15393)
The vulnerability allows a local user to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the "drivers/usb/misc/usbtest.c" file. A local user can force the application to leak memory and perform a denial of service attack.
7) NULL pointer dereference (CVE-ID: CVE-2018-10323)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the xfs_bmap_extents_to_btree function in the fs/xfs/libxfs/xfs_bmap.c source code file due to NULL pointer dereference when handling Extended File System (XFS) images. A local attacker can mount a specially crafted XFS filesystem image when filesystem operations are executed on the mounted image and cause the service to crash.
8) Incorrect default permissions (CVE-ID: CVE-2020-26088)
The vulnerability allows a local user to manipulate data.
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
9) Memory leak (CVE-ID: CVE-2019-19054)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "cx23888_ir_probe()" function in the "drivers/media/pci/cx23885/cx23888-ir.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "kfifo_alloc()" failures.
10) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-25212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a TOCTOU mismatch in the NFS client code in the Linux kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
11) Out-of-bounds read (CVE-ID: CVE-2019-9445)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a missing bounds check when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
12) Null pointer dereference (CVE-ID: CVE-2018-13094)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference in the fs/xfs/libxfs/xfs_attr_leaf.c source code file in the Extended File System (XFS) component when the xfs_da_shrink_inode() function is called with a NULL byte pointer. A local attacker can mount and perform operations on a crafted XFS image, trigger a NULL pointer dereference condition in the xfs_trans_binval() function and cause the service to crash.
13) NULL pointer dereference (CVE-ID: CVE-2018-8043)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c due to improper validation of certain resource availability. A local attacker can trigger NULL pointer dereference and cause the service to crash.
14) Use of insufficiently random values (CVE-ID: CVE-2020-16166)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to the use of insufficiently random values within the prandom_state_selftest() function in lib/random32.c, within the update_process_times() function in kernel/time/timer.c, and within the add_interrupt_randomness() function in drivers/char/random.c. A remote non-authenticated attacker can gain access to sensitive information.
15) Out-of-bounds write (CVE-ID: CVE-2020-14331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Linux kernel's implementation of the invert video code on VGA consoles. A local user can run a specially crafted program to call VT_RESIZE IOCTL, trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
16) Use-after-free (CVE-ID: CVE-2019-19448)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
17) Memory leak (CVE-ID: CVE-2019-19074)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "ath9k_wmi_cmd()" function in the "drivers/net/wireless/ath/ath9k/wmi.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).
18) Memory leak (CVE-ID: CVE-2019-19073)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "htc_config_pipe_credits()", "htc_setup_complete()" and "htc_connect_service()" functions in the "drivers/net/wireless/ath/ath9k/htc_hst.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "wait_for_completion_timeout()" failures.
19) Out-of-bounds read (CVE-ID: CVE-2020-14314)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.
20) NULL pointer dereference (CVE-ID: CVE-2020-25285)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to NULL pointer dereference within the allowed_mems_nr(), hugetlb_sysctl_handler_common() and hugetlb_overcommit_handler() functions in mm/hugetlb.c. A local privileged user can execute arbitrary code.
21) Incorrect authorization (CVE-ID: CVE-2020-25284)
The vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to incorrect authorization within the rbd_config_info_show(), rbd_image_refresh(), do_rbd_add() and do_rbd_remove() functions in drivers/block/rbd.c. A local privileged user can manipulate data.
22) Out-of-bounds read (CVE-ID: CVE-2020-14390)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read, which can lead to memory corruption or a denial of service. The highest threat from this vulnerability is to system availability.
23) Out-of-bounds read (CVE-ID: CVE-2020-25643)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the HDLC_PPP module of the Linux kernel in the ppp_cp_parse_cr() function. A remote authenticated user can trigger out-of-bounds read error and read contents of memory on the system.
24) Buffer overflow (CVE-ID: CVE-2020-25211)
The vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.
Remediation
Install update from vendor's website.