ID

VAR-202002-1243


CVE

CVE-2020-8648


TITLE

Linux Kernel Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2020-001618

DESCRIPTION

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Linux Kernel Is vulnerable to the use of freed memory.Information is obtained and service operation is interrupted (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-4345-1 April 28, 2020 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1038-oracle 4.15.0-1038.42 linux-image-4.15.0-1058-gke 4.15.0-1058.61 linux-image-4.15.0-1059-kvm 4.15.0-1059.60 linux-image-4.15.0-1061-raspi2 4.15.0-1061.65 linux-image-4.15.0-1066-aws 4.15.0-1066.70 linux-image-4.15.0-1077-snapdragon 4.15.0-1077.84 linux-image-4.15.0-1080-oem 4.15.0-1080.90 linux-image-4.15.0-99-generic 4.15.0-99.100 linux-image-4.15.0-99-generic-lpae 4.15.0-99.100 linux-image-4.15.0-99-lowlatency 4.15.0-99.100 linux-image-aws-lts-18.04 4.15.0.1066.69 linux-image-generic 4.15.0.99.89 linux-image-generic-lpae 4.15.0.99.89 linux-image-gke 4.15.0.1058.62 linux-image-gke-4.15 4.15.0.1058.62 linux-image-kvm 4.15.0.1059.59 linux-image-lowlatency 4.15.0.99.89 linux-image-oem 4.15.0.1080.84 linux-image-oracle-lts-18.04 4.15.0.1038.47 linux-image-powerpc-e500mc 4.15.0.99.89 linux-image-powerpc-smp 4.15.0.99.89 linux-image-powerpc64-emb 4.15.0.99.89 linux-image-powerpc64-smp 4.15.0.99.89 linux-image-raspi2 4.15.0.1061.59 linux-image-snapdragon 4.15.0.1077.80 linux-image-virtual 4.15.0.99.89 Ubuntu 16.04 LTS: linux-image-4.15.0-1038-oracle 4.15.0-1038.42~16.04.1 linux-image-4.15.0-1061-gcp 4.15.0-1061.65 linux-image-4.15.0-1066-aws 4.15.0-1066.70~16.04.1 linux-image-4.15.0-1082-azure 4.15.0-1082.92~16.04.1 linux-image-4.15.0-99-generic 4.15.0-99.100~16.04.1 linux-image-4.15.0-99-generic-lpae 4.15.0-99.100~16.04.1 linux-image-4.15.0-99-lowlatency 4.15.0-99.100~16.04.1 linux-image-aws-hwe 4.15.0.1066.66 linux-image-azure 4.15.0.1082.81 linux-image-azure-edge 4.15.0.1082.81 linux-image-gcp 4.15.0.1061.75 linux-image-generic-hwe-16.04 4.15.0.99.106 linux-image-generic-lpae-hwe-16.04 4.15.0.99.106 linux-image-gke 4.15.0.1061.75 linux-image-lowlatency-hwe-16.04 4.15.0.99.106 linux-image-oem 4.15.0.99.106 linux-image-oracle 4.15.0.1038.31 linux-image-virtual-hwe-16.04 4.15.0.99.106 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * lru-add-drain workqueue on RT is allocated without being used (BZ#1894587) * kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2021:3320-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3320 Issue date: 2021-08-31 CVE Names: CVE-2020-8648 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 3. Security Fix(es): * kernel: race condition for removal of the HCI controller (CVE-2021-32399) * kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.6): Source: kernel-3.10.0-957.80.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm kernel-doc-3.10.0-957.80.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.80.1.el7.x86_64.rpm kernel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm perf-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.6): Source: kernel-3.10.0-957.80.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm kernel-doc-3.10.0-957.80.1.el7.noarch.rpm ppc64le: kernel-3.10.0-957.80.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debug-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.80.1.el7.ppc64le.rpm kernel-devel-3.10.0-957.80.1.el7.ppc64le.rpm kernel-headers-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.80.1.el7.ppc64le.rpm perf-3.10.0-957.80.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm python-perf-3.10.0-957.80.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm perf-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.6): Source: kernel-3.10.0-957.80.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm kernel-doc-3.10.0-957.80.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.80.1.el7.x86_64.rpm kernel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm perf-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.6): ppc64le: kernel-debug-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3nm9zjgjWX9erEAQgQiw/+PS0eDpLBno3w5Z5w4AAOBSZ5xVVUjc5g 3oc37irMYBQFeOYWjM1dY/YRJOwoKnlEFtSZiCG+DQGOh17aZkjklT4oWkdp/a8C i5MfOXm+U7SJ6CBg+xiwq6++gze9z2qWOfSyB48yVYjCMAj7Sud5OrJ4glLXsD28 2NqjpK3m7euAAG30Q76GJR5I6Zii4TP4uxlp0wi/orvKmT10U5cqGuR61XZy4oI4 s47I7Qm1ypVl02FwPADQ+PhAEKda1M8YYC5AXnzueIaTr5FsUDJq6v8sN6Xyd8b5 UczfS79JoCtxhRyqKUq6mgLArQT5tv5FsKCp0eIMG97ZqB+qtiEYCyf42q6cNfSQ Lvz37gpbdl87KlZbz8UGRNyjPEMFvjW5zhZSzZyfYlVt3eCSVesWAce1sAvrazqt HmDSrAo4Hm08dIpFHrlwiPAdtLwBs20s974D/7+zaqlBrFob1ZGqygeK4nFtnaUY aYrNXA+eM7HdSxShbAHkog8s39ISbLlq5Tez33MI9dhjg+JHafQUGlsnkHWI77HO BxWSMgHmn4r71LOqIQEWwzr1HdPGVFxD7eX7vngZVsISTgrrVkJarDiiDRBwzHFa 8xoGtGaFHmq2O6oEKjMZf0Jx3s2/mqm2dNM9WWtXQg/n4OSTbf2XyHmQQMoDExop X3PVCcxQcxE= =v0C6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 1660798 - NFSv4.2: security label of mount point shows as "unlabeled_t" for ~30 seconds after mounting 1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service 1759052 - CVE-2019-15925 kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg 1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c 1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c 1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c 1774946 - CVE-2019-19072 kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS 1774963 - CVE-2019-19068 kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS 1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c 1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS 1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS 1775097 - CVE-2019-19056 kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS 1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c 1777449 - CVE-2019-18809 kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c 1778762 - Please backport Jitter Entropy patches 1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid 1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c 1781810 - CVE-2019-19543 kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c 1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free 1783534 - CVE-2019-19533 kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c 1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer 1784130 - CVE-2019-19319 kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c 1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c 1786179 - CVE-2019-19770 kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c 1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c 1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c 1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c 1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field 1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation 1819399 - CVE-2019-9455 kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure 1820402 - Sometimes hit "error: kvm run failed Bad address" when launching a guest on Power8 1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process 1823764 - RFE: Enable genfs+xattr labeling for CephFS 1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table 1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c 1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c 1830280 - Please enable CONFIG_RANDOM_TRUST_CPU 1831399 - CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps 1831699 - CVE-2020-12465 kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c 1832543 - CVE-2020-12655 kernel: sync of excessive duration via an XFS v5 image with crafted metadata 1832876 - CVE-2020-12659 kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption 1834845 - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case 1839634 - CVE-2020-10751 kernel: SELinux netlink permission check bypass 1844520 - Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread() 1846380 - CVE-2020-10773 kernel: kernel stack information leak on s390/s390x 1846964 - CVE-2020-10774 kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features 1853447 - Guest IA32_SPEC_CTRL wrmsr failure on AMD processors that support STIBP but don't support for IBRS 1856588 - Guest crashed and hung when hot unplug vcpus 1860065 - CVE-2020-0305 kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c 1874311 - CVE-2020-14381 kernel: referencing inode of removed superblock in get_futex_key() causes UAF 1881424 - CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS 6

Trust: 2.34

sources: NVD: CVE-2020-8648 // JVNDB: JVNDB-2020-001618 // VULHUB: VHN-186773 // VULMON: CVE-2020-8648 // PACKETSTORM: 157489 // PACKETSTORM: 163026 // PACKETSTORM: 163968 // PACKETSTORM: 157480 // PACKETSTORM: 157491 // PACKETSTORM: 159814

AFFECTED PRODUCTS

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:netappmodel:hci baseboard management controllerscope:eqversion:h410c

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:5.5.2

Trust: 1.0

vendor:broadcommodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.5.2

Trust: 0.8

sources: JVNDB: JVNDB-2020-001618 // NVD: CVE-2020-8648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8648
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-001618
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-148
value: HIGH

Trust: 0.6

VULHUB: VHN-186773
value: LOW

Trust: 0.1

VULMON: CVE-2020-8648
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-8648
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-001618
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186773
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8648
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001618
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186773 // VULMON: CVE-2020-8648 // JVNDB: JVNDB-2020-001618 // CNNVD: CNNVD-202002-148 // NVD: CVE-2020-8648

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-186773 // JVNDB: JVNDB-2020-001618 // NVD: CVE-2020-8648

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 157489 // PACKETSTORM: 157480 // PACKETSTORM: 157491 // CNNVD: CNNVD-202002-148

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202002-148

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001618

PATCH

title:Bug 206361url:https://bugzilla.kernel.org/show_bug.cgi?id=206361

Trust: 0.8

title:Linux Kernel Archivesurl:http://www.kernel.org

Trust: 0.8

title:Amazon Linux 2: ALAS2LIVEPATCH-2020-005url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2020-005

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2020-004url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2020-004

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4346-1

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2020-006url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2020-006

Trust: 0.1

title:Ubuntu Security Notice: linux-gke-5.0, linux-oem-osp11 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4344-1

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-kvm, linux-raspi2, linux-raspi2-5.3 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4342-1

Trust: 0.1

title:Amazon Linux AMI: ALAS-2020-1360url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1360

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4345-1

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1405url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1405

Trust: 0.1

title:Brocade Security Advisories: Access Deniedurl:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=0653676430b6017016f55e261b78af9c

Trust: 0.1

title:Red Hat: Moderate: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204609 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: kernel security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204431 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4698-1 linux -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=88a848047667226a68bbe6de9bb29095

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

title:Threatposturl:https://threatpost.com/two-critical-android-bugs-rce/156216/

Trust: 0.1

sources: VULMON: CVE-2020-8648 // JVNDB: JVNDB-2020-001618

EXTERNAL IDS

db:NVDid:CVE-2020-8648

Trust: 3.3

db:JVNDBid:JVNDB-2020-001618

Trust: 0.8

db:CNNVDid:CNNVD-202002-148

Trust: 0.7

db:PACKETSTORMid:163020

Trust: 0.7

db:PACKETSTORMid:163968

Trust: 0.7

db:PACKETSTORMid:164140

Trust: 0.7

db:PACKETSTORMid:157491

Trust: 0.7

db:AUSCERTid:ESB-2020.0796

Trust: 0.6

db:AUSCERTid:ESB-2020.2039

Trust: 0.6

db:AUSCERTid:ESB-2020.1745.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0719

Trust: 0.6

db:AUSCERTid:ESB-2020.1476

Trust: 0.6

db:AUSCERTid:ESB-2021.0692

Trust: 0.6

db:AUSCERTid:ESB-2020.2008

Trust: 0.6

db:AUSCERTid:ESB-2020.0772

Trust: 0.6

db:AUSCERTid:ESB-2020.1164

Trust: 0.6

db:AUSCERTid:ESB-2021.2032

Trust: 0.6

db:AUSCERTid:ESB-2020.1910

Trust: 0.6

db:AUSCERTid:ESB-2020.0908

Trust: 0.6

db:AUSCERTid:ESB-2022.6112

Trust: 0.6

db:AUSCERTid:ESB-2021.3443

Trust: 0.6

db:AUSCERTid:ESB-2021.3075

Trust: 0.6

db:AUSCERTid:ESB-2020.0797

Trust: 0.6

db:AUSCERTid:ESB-2020.1745

Trust: 0.6

db:AUSCERTid:ESB-2020.1812

Trust: 0.6

db:AUSCERTid:ESB-2020.0925

Trust: 0.6

db:AUSCERTid:ESB-2020.3888

Trust: 0.6

db:AUSCERTid:ESB-2021.2957

Trust: 0.6

db:AUSCERTid:ESB-2020.1584

Trust: 0.6

db:AUSCERTid:ESB-2021.4047

Trust: 0.6

db:AUSCERTid:ESB-2021.2180

Trust: 0.6

db:CS-HELPid:SB2021062117

Trust: 0.6

db:NSFOCUSid:45778

Trust: 0.6

db:PACKETSTORMid:163026

Trust: 0.2

db:CNVDid:CNVD-2020-04530

Trust: 0.1

db:VULHUBid:VHN-186773

Trust: 0.1

db:VULMONid:CVE-2020-8648

Trust: 0.1

db:PACKETSTORMid:157489

Trust: 0.1

db:PACKETSTORMid:157480

Trust: 0.1

db:PACKETSTORMid:159814

Trust: 0.1

sources: VULHUB: VHN-186773 // VULMON: CVE-2020-8648 // JVNDB: JVNDB-2020-001618 // PACKETSTORM: 157489 // PACKETSTORM: 163026 // PACKETSTORM: 163968 // PACKETSTORM: 157480 // PACKETSTORM: 164140 // PACKETSTORM: 157491 // PACKETSTORM: 159814 // CNNVD: CNNVD-202002-148 // NVD: CVE-2020-8648

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-8648

Trust: 2.0

url:https://usn.ubuntu.com/4346-1/

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20200924-0004/

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4698

Trust: 1.8

url:https://bugzilla.kernel.org/show_bug.cgi?id=206361

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

Trust: 1.8

url:https://usn.ubuntu.com/4342-1/

Trust: 1.8

url:https://usn.ubuntu.com/4344-1/

Trust: 1.8

url:https://usn.ubuntu.com/4345-1/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8648

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3888/

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-use-after-free-via-n-tty-receive-buf-common-31537

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0908/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1584/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/45778

Trust: 0.6

url:https://packetstormsecurity.com/files/157491/ubuntu-security-notice-usn-4346-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0796/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520482

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2957

Trust: 0.6

url:https://packetstormsecurity.com/files/163968/red-hat-security-advisory-2021-3320-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0772/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2039/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6112

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4047

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2180

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1164/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1910/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3075

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0719/

Trust: 0.6

url:https://source.android.com/security/bulletin/2020-06-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0925/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1745.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0797/

Trust: 0.6

url:https://packetstormsecurity.com/files/163020/red-hat-security-advisory-2021-2314-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0692

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2032

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062117

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2008/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3443

Trust: 0.6

url:https://packetstormsecurity.com/files/164140/red-hat-security-advisory-2021-3522-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1745/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1812/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1476/

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19768

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16234

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9383

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10942

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11884

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3347

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32399

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16233

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alaslivepatch-2020-005.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1066.70

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1059.60

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1082.92~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1061.65

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1061.65

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11668

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-99.100

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11609

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1080.90

Trust: 0.1

url:https://usn.ubuntu.com/4345-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1066.70~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-99.100~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1058.61

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1077.84

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2316

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3320

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1016.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1018.19~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-51.44~18.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8992

Trust: 0.1

url:https://usn.ubuntu.com/4342-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1023.25

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1018.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1020.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1023.25~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.3.0-51.44

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1017.18

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22555

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22555

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-178.208

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1132.141

Trust: 0.1

url:https://usn.ubuntu.com/4346-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1136.144

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1070.77

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19770

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9458

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19072

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8649

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12655

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9458

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19068

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19767

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18808

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18809

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19062

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20054

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18808

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9455

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25641

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19063

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15917

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19533

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19046

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16233

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19770

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20054

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19062

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19072

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19046

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14381

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12770

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19767

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19533

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18809

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19537

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9455

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11565

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12614

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19063

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10732

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19319

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19332

Trust: 0.1

sources: VULHUB: VHN-186773 // VULMON: CVE-2020-8648 // JVNDB: JVNDB-2020-001618 // PACKETSTORM: 157489 // PACKETSTORM: 163026 // PACKETSTORM: 163968 // PACKETSTORM: 157480 // PACKETSTORM: 164140 // PACKETSTORM: 157491 // PACKETSTORM: 159814 // CNNVD: CNNVD-202002-148 // NVD: CVE-2020-8648

CREDITS

Ubuntu

Trust: 0.9

sources: PACKETSTORM: 157489 // PACKETSTORM: 157480 // PACKETSTORM: 157491 // CNNVD: CNNVD-202002-148

SOURCES

db:VULHUBid:VHN-186773
db:VULMONid:CVE-2020-8648
db:JVNDBid:JVNDB-2020-001618
db:PACKETSTORMid:157489
db:PACKETSTORMid:163026
db:PACKETSTORMid:163968
db:PACKETSTORMid:157480
db:PACKETSTORMid:164140
db:PACKETSTORMid:157491
db:PACKETSTORMid:159814
db:CNNVDid:CNNVD-202002-148
db:NVDid:CVE-2020-8648

LAST UPDATE DATE

2024-11-11T23:04:26.139000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186773date:2022-07-28T00:00:00
db:VULMONid:CVE-2020-8648date:2022-07-28T00:00:00
db:JVNDBid:JVNDB-2020-001618date:2020-02-19T00:00:00
db:CNNVDid:CNNVD-202002-148date:2022-11-24T00:00:00
db:NVDid:CVE-2020-8648date:2022-07-28T00:08:45.217

SOURCES RELEASE DATE

db:VULHUBid:VHN-186773date:2020-02-06T00:00:00
db:VULMONid:CVE-2020-8648date:2020-02-06T00:00:00
db:JVNDBid:JVNDB-2020-001618date:2020-02-19T00:00:00
db:PACKETSTORMid:157489date:2020-04-29T15:56:59
db:PACKETSTORMid:163026date:2021-06-09T13:19:21
db:PACKETSTORMid:163968date:2021-08-31T15:57:21
db:PACKETSTORMid:157480date:2020-04-29T15:46:39
db:PACKETSTORMid:164140date:2021-09-14T15:55:54
db:PACKETSTORMid:157491date:2020-04-29T15:58:35
db:PACKETSTORMid:159814date:2020-11-04T15:23:46
db:CNNVDid:CNNVD-202002-148date:2020-02-05T00:00:00
db:NVDid:CVE-2020-8648date:2020-02-06T01:15:10.890