ID

VAR-202103-0287


CVE

CVE-2020-35508


TITLE

Linux kernel Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202102-1668

DESCRIPTION

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2021:1739-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1739 Issue date: 2021-05-18 CVE Names: CVE-2019-19523 CVE-2019-19528 CVE-2020-0431 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-14314 CVE-2020-14356 CVE-2020-15437 CVE-2020-24394 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25704 CVE-2020-27786 CVE-2020-27835 CVE-2020-28974 CVE-2020-35508 CVE-2021-0342 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) * kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523) * kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528) * kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431) * kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114) * kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464) * kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314) * kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356) * kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437) * kernel: umask not applied on filesystem without ACL support (CVE-2020-24394) * kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212) * kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284) * kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285) * kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643) * kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) * kernel: use-after-free in kernel midi subsystem (CVE-2020-27786) * kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835) * kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974) * kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting - ->real_parent (CVE-2020-35508) * kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342) * kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver 1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver 1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c 1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c 1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter 1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem 1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component 1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support 1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code 1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow 1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c 1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices 1886109 - BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 [rhel-rt-8.4.0] 1894793 - After configure hugepage and reboot test server, kernel got panic status. 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory 1896842 - host locks up when running stress-ng itimers on RT kernel. 1897869 - Running oslat in RT guest, guest kernel shows Call Trace: INFO: task kcompactd0:35 blocked for more than 600 seconds. 1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem 1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c 1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent 1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon 1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege 1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers 6. Package List: Red Hat Enterprise Linux Real Time for NFV (v. 8): Source: kernel-rt-4.18.0-305.rt7.72.el8.src.rpm x86_64: kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm Red Hat Enterprise Linux Real Time (v. 8): Source: kernel-rt-4.18.0-305.rt7.72.el8.src.rpm x86_64: kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPwgNzjgjWX9erEAQiOVg//YfXIKUxc84y2aRexvrPHeTQvYkFMktq7 NEhNhHqEZbDUabM5+eKb5hoyG44PmXvQuK1njYjEbpTjQss92U8fekGJZAR9Zbsl WEfVcu/ix/UJOzQj/lp+dKhirBSE/33xgBmSsQI6JQc+xn1AoZC8bOeSqyr7J6Y7 t6I552Llhun9DDUGS8KYAM8PkrK3RGQybAS3S4atTdYd0qk42ZPF7/XqrbI7G4iq 0Oe+ZePj6lN1O7pHV0WYUD2yzLTCZZopmz5847BLBEbGLqPyxlShZ+MFGsWxCOHk tW8lw/nqVt/MNlOXI1tD6P6iFZ6JQYrRU5mGFlvsl3t9NQW60MxmcUNPgtVknXW5 BssBM/r6uLi0yFTTnDRZnv2MCs7fIzzqKXOHozrCvItswG6S8Qs72MaW2EQHAEen m7/fMKWTjt9CQudNCm/FwHLb8O9cYnOZwRiAINomo2B/Fi1b7WlquETSmjgQaQNr RxqtgiNQ98q92gnFgC8pCzxmiKRmHLFJEuxXYVq0O8Ch5i/eC8ExoO7Hqe6kYnJe ZaST6fAtb2bMDcPdborfSIUmuDcYdKFtcEfCuuFZIbBxnL2aJDMw0zen/rmDNQyV lwwXoKanoP5EjKKFMc/zkeHlOInMzeHa/0DIlA9h3kpro5eGN0uOPZvsrlryjC+J iJzkORGWplM\xfb/D -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1328 - Port fix to 5.0.z for BZ-1945168 6. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree (BZ#1968022) 4. Bug Fix(es): * RHEL8.2 Snapshot2 - tpm: ibmvtpm: Wait for buffer to be set before proceeding (BZ#1933986) * fnic crash from invalid request pointer (BZ#1961707) * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963051) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1969338) 4. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2122 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html This update fixes the following bug among others: * Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238) Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64 The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing 5. ========================================================================== Ubuntu Security Notice USN-4752-1 February 25, 2021 linux-oem-5.6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oem-5.6: Linux kernel for OEM systems Details: Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) It was discovered that the block layer implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-15436) It was discovered that the serial port driver in the Linux kernel did not properly initialize a pointer in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-15437) Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) It was discovered that the KVM hypervisor in the Linux kernel did not properly handle interrupts in certain situations. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash). (CVE-2020-27152) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to gain unintended write access to read-only memory pages. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-29369) Jann Horn discovered that the romfs file system in the Linux kernel did not properly validate file system meta-data, leading to an out-of-bounds read. An attacker could use this to construct a malicious romfs image that, when mounted, exposed sensitive information (kernel memory). (CVE-2020-29371) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-35508) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.6.0-1048-oem 5.6.0-1048.52 linux-image-oem-20.04 5.6.0.1048.44 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4752-1 CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437, CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815, CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369, CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508 Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52

Trust: 1.8

sources: NVD: CVE-2020-35508 // VULHUB: VHN-377704 // VULMON: CVE-2020-35508 // PACKETSTORM: 162654 // PACKETSTORM: 162626 // PACKETSTORM: 162837 // PACKETSTORM: 163584 // PACKETSTORM: 163589 // PACKETSTORM: 162877 // PACKETSTORM: 161556 // PACKETSTORM: 161555

AFFECTED PRODUCTS

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.12

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:h610cscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:aff a400scope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:fas8700scope:eqversion: -

Trust: 1.0

vendor:netappmodel:a700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:netappmodel:fas8300scope:eqversion: -

Trust: 1.0

vendor:netappmodel:h610sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h615cscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.12

Trust: 1.0

sources: NVD: CVE-2020-35508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35508
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202102-1668
value: MEDIUM

Trust: 0.6

VULHUB: VHN-377704
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-35508
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-35508
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-377704
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-35508
baseSeverity: MEDIUM
baseScore: 4.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.0
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-377704 // VULMON: CVE-2020-35508 // CNNVD: CNNVD-202102-1668 // NVD: CVE-2020-35508

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:CWE-665

Trust: 1.1

sources: VULHUB: VHN-377704 // NVD: CVE-2020-35508

THREAT TYPE

local

Trust: 0.8

sources: PACKETSTORM: 161556 // PACKETSTORM: 161555 // CNNVD: CNNVD-202102-1668

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1668

PATCH

title:IBM: Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plusurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ddbe78143bb073890c2ecb87b35850bf

Trust: 0.1

sources: VULMON: CVE-2020-35508

EXTERNAL IDS

db:NVDid:CVE-2020-35508

Trust: 2.6

db:PACKETSTORMid:162626

Trust: 0.8

db:PACKETSTORMid:161556

Trust: 0.8

db:CNNVDid:CNNVD-202102-1668

Trust: 0.7

db:PACKETSTORMid:163584

Trust: 0.7

db:CS-HELPid:SB2021072252

Trust: 0.6

db:CS-HELPid:SB2021122404

Trust: 0.6

db:AUSCERTid:ESB-2021.0717

Trust: 0.6

db:AUSCERTid:ESB-2021.1820

Trust: 0.6

db:AUSCERTid:ESB-2021.1866

Trust: 0.6

db:AUSCERTid:ESB-2021.1732

Trust: 0.6

db:AUSCERTid:ESB-2021.2439

Trust: 0.6

db:AUSCERTid:ESB-2021.1688

Trust: 0.6

db:PACKETSTORMid:161555

Trust: 0.2

db:PACKETSTORMid:162654

Trust: 0.2

db:VULHUBid:VHN-377704

Trust: 0.1

db:VULMONid:CVE-2020-35508

Trust: 0.1

db:PACKETSTORMid:162837

Trust: 0.1

db:PACKETSTORMid:163589

Trust: 0.1

db:PACKETSTORMid:162877

Trust: 0.1

sources: VULHUB: VHN-377704 // VULMON: CVE-2020-35508 // PACKETSTORM: 162654 // PACKETSTORM: 162626 // PACKETSTORM: 162837 // PACKETSTORM: 163584 // PACKETSTORM: 163589 // PACKETSTORM: 162877 // PACKETSTORM: 161556 // PACKETSTORM: 161555 // CNNVD: CNNVD-202102-1668 // NVD: CVE-2020-35508

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1902724

Trust: 1.8

url:https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20210513-0006/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-35508

Trust: 1.2

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 1.2

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-linux-kernel-samba-sudo-python-and-tcmu-runner-affect-ibm-spectrum-protect-plus/

Trust: 0.7

url:https://access.redhat.com/errata/rhsa-2021:1739

Trust: 0.7

url:https://access.redhat.com/errata/rhsa-2021:1578

Trust: 0.7

url:https://access.redhat.com/errata/rhsa-2021:2719

Trust: 0.7

url:https://access.redhat.com/errata/rhsa-2021:2718

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-25704

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072252

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0717

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-signal-sending-34683

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1866

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1688

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1732

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1820

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2439

Trust: 0.6

url:https://packetstormsecurity.com/files/162626/red-hat-security-advisory-2021-1578-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163584/red-hat-security-advisory-2021-2719-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161556/ubuntu-security-notice-usn-4752-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122404

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14314

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-25212

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-25643

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-25284

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14356

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-28974

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-27835

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15437

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-24394

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0342

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-25285

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27786

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33909

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33034

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26541

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26541

Trust: 0.2

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-006

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33034

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29660

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29661

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27815

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28588

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/665.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36322

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14360

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30465

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21644

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.1

url:https://usn.ubuntu.com/4752-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24490

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25641

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29369

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29371

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25656

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-44.50~20.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25669

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1019.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1023.24

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1024.26

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1016.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1021.22

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27830

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.8.0-44.50

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29569

Trust: 0.1

url:https://usn.ubuntu.com/4751-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1023.25

Trust: 0.1

sources: VULHUB: VHN-377704 // VULMON: CVE-2020-35508 // PACKETSTORM: 162654 // PACKETSTORM: 162626 // PACKETSTORM: 162837 // PACKETSTORM: 163584 // PACKETSTORM: 163589 // PACKETSTORM: 162877 // PACKETSTORM: 161556 // PACKETSTORM: 161555 // CNNVD: CNNVD-202102-1668 // NVD: CVE-2020-35508

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 162654 // PACKETSTORM: 162626 // PACKETSTORM: 162837 // PACKETSTORM: 163584 // PACKETSTORM: 163589 // PACKETSTORM: 162877 // CNNVD: CNNVD-202102-1668

SOURCES

db:VULHUBid:VHN-377704
db:VULMONid:CVE-2020-35508
db:PACKETSTORMid:162654
db:PACKETSTORMid:162626
db:PACKETSTORMid:162837
db:PACKETSTORMid:163584
db:PACKETSTORMid:163589
db:PACKETSTORMid:162877
db:PACKETSTORMid:161556
db:PACKETSTORMid:161555
db:CNNVDid:CNNVD-202102-1668
db:NVDid:CVE-2020-35508

LAST UPDATE DATE

2024-11-20T19:44:24.509000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-377704date:2023-02-12T00:00:00
db:VULMONid:CVE-2020-35508date:2021-04-12T00:00:00
db:CNNVDid:CNNVD-202102-1668date:2023-02-03T00:00:00
db:NVDid:CVE-2020-35508date:2023-02-12T23:41:00.150

SOURCES RELEASE DATE

db:VULHUBid:VHN-377704date:2021-03-26T00:00:00
db:VULMONid:CVE-2020-35508date:2021-03-26T00:00:00
db:PACKETSTORMid:162654date:2021-05-19T14:06:16
db:PACKETSTORMid:162626date:2021-05-19T13:56:20
db:PACKETSTORMid:162837date:2021-05-27T13:28:54
db:PACKETSTORMid:163584date:2021-07-21T16:02:50
db:PACKETSTORMid:163589date:2021-07-21T16:03:31
db:PACKETSTORMid:162877date:2021-06-01T14:45:29
db:PACKETSTORMid:161556date:2021-02-25T15:31:12
db:PACKETSTORMid:161555date:2021-02-25T15:31:02
db:CNNVDid:CNNVD-202102-1668date:2021-02-25T00:00:00
db:NVDid:CVE-2020-35508date:2021-03-26T17:15:12.203