Main Vulnerability Database SB2020123024

SB2020123024 - openEuler 20.03 LTS update for kernel

Published: December 30, 2020 Updated: April 24, 2025

Security Bulletin ID SB2020123024

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 8

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 8 vulnerabilities.

1) Memory leak (CVE-ID: CVE-2020-25704)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

2) Out-of-bounds read (CVE-ID: CVE-2020-28974)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to an out-of-bounds read error within the con_font_default() and con_font_op() functions in drivers/tty/vt/vt.c. A local privileged user can read and manipulate data.

3) Memory leak (CVE-ID: CVE-2020-29371)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the romfs_dev_read() function in fs/romfs/storage.c. A local user can gain access to sensitive information.

4) Buffer Over-read (CVE-ID: CVE-2020-28915)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user with physical access to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.

5) Use of insufficiently random values (CVE-ID: CVE-2020-25705)

CWE-ID: CWE-330 - Use of Insufficiently Random Values

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

6) Concurrent execution using shared resource with improper synchronization ('race condition') (CVE-ID: CVE-2020-29370)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error within the kmem_cache_alloc_bulk() function in mm/slub.c. A local user can execute arbitrary code.

7) Out-of-bounds write (CVE-ID: CVE-2020-29368)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.

8) Release of invalid pointer or reference (CVE-ID: CVE-2020-28941)

CWE-ID: CWE-763 - Release of invalid pointer or reference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to release of invalid pointer or reference error within the makefile. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1112

Vulnerable Software

openEuler: 20.03 LTS
kernel: before 4.19.90-2012.5.0.0054
bpftool: before 4.19.90-2012.5.0.0054
kernel-debugsource: before 4.19.90-2012.5.0.0054
kernel-tools: before 4.19.90-2012.5.0.0054
kernel-debuginfo: before 4.19.90-2012.5.0.0054
perf-debuginfo: before 4.19.90-2012.5.0.0054
python3-perf-debuginfo: before 4.19.90-2012.5.0.0054
python2-perf: before 4.19.90-2012.5.0.0054
python3-perf: before 4.19.90-2012.5.0.0054
bpftool-debuginfo: before 4.19.90-2012.5.0.0054
kernel-tools-devel: before 4.19.90-2012.5.0.0054
kernel-devel: before 4.19.90-2012.5.0.0054
kernel-tools-debuginfo: before 4.19.90-2012.5.0.0054
python2-perf-debuginfo: before 4.19.90-2012.5.0.0054
kernel-source: before 4.19.90-2012.5.0.0054
perf: before 4.19.90-2012.5.0.0054

SB2020123024 - openEuler 20.03 LTS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human