Vulnerabilities > CVE-2020-12770
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
Vulnerable Configurations
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0297_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-12 modified 2020-06-10 plugin id 137323 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137323 title Photon OS 1.0: Linux PHSA-2020-1.0-0297 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0100_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-10 modified 2020-06-06 plugin id 137190 published 2020-06-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137190 title Photon OS 3.0: Linux PHSA-2020-3.0-0100 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1592.NASL description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel last seen 2020-06-11 modified 2020-05-26 plugin id 136870 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136870 title EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1592) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1377.NASL description In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.(CVE-2019-19319) In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768) A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751) An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.(CVE-2020-12770) A flaw was found in the Linux kernel last seen 2020-06-10 modified 2020-06-04 plugin id 137100 published 2020-06-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137100 title Amazon Linux AMI : kernel (ALAS-2020-1377) NASL family Fedora Local Security Checks NASL id FEDORA_2020-C6B9FFF7F8.NASL description The 5.6.13 stable kernel update contains a number of important fixes across the tree ---- The 5.6.12 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-05-20 plugin id 136725 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136725 title Fedora 31 : kernel (2020-c6b9fff7f8) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2241.NASL description This update is now available for all supported architectures. For reference the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8839 A race condition was found in the ext4 filesystem implementation. A local user could exploit this to cause a denial of service (filesystem corruption). CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613 Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes could trigger a crash (Oops) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19447 It was discovered that the ext4 filesystem driver did not safely handle unlinking of an inode that, due to filesystem corruption, already has a link count of 0. An attacker able to mount arbitrary ext4 volumes could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-19768 Tristan Madani reported a race condition in the blktrace debug facility that could result in a use-after-free. A local user able to trigger removal of block devices could possibly use this to cause a denial of service (crash) or for privilege escalation. CVE-2019-20636 The syzbot tool found that the input subsystem did not fully validate keycode changes, which could result in a heap out-of-bounds write. A local user permitted to access the device node for an input or VT device could possibly use this to cause a denial of service (crash or memory corruption) or for privilege escalation. CVE-2020-0009 Jann Horn reported that the Android ashmem driver did not prevent read-only files from being memory-mapped and then remapped as read-write. However, Android drivers are not enabled in Debian kernel configurations. CVE-2020-0543 Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU. Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian last seen 2020-06-13 modified 2020-06-10 plugin id 137283 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137283 title Debian DLA-2241-2 : linux security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2242.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19462 The syzbot tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137339 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137339 title Debian DLA-2242-1 : linux-4.9 security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0246_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-12 modified 2020-06-11 plugin id 137328 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137328 title Photon OS 2.0: Linux PHSA-2020-2.0-0246 NASL family Fedora Local Security Checks NASL id FEDORA_2020-5A69DECC0C.NASL description The 5.6.13 stable kernel update contains a number of important fixes across the tree ---- The 5.6.12 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-05-20 plugin id 136722 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136722 title Fedora 30 : kernel (2020-5a69decc0c) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1431.NASL description In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.(CVE-2019-19319) In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768) A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751) An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.(CVE-2020-12770) A flaw was found in the Linux kernel last seen 2020-06-10 modified 2020-06-04 plugin id 137088 published 2020-06-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137088 title Amazon Linux 2 : kernel (ALAS-2020-1431) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4698.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. - CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. - CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. - CVE-2019-19462 The syzbot tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137340 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137340 title Debian DSA-4698-1 : linux - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4699.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled. This could lead to disclosure of sensitive information within a guest VM. - CVE-2019-19462 The syzkaller tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137341 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137341 title Debian DSA-4699-1 : linux - security update NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2020-163-01.NASL description New kernel packages are available for Slackware 14.2 to fix security issues. last seen 2020-06-13 modified 2020-06-12 plugin id 137391 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137391 title Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://lkml.org/lkml/2020/4/13/870
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4414-1/
- https://usn.ubuntu.com/4419-1/
- https://www.debian.org/security/2020/dsa-4698
- https://www.debian.org/security/2020/dsa-4699
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
- https://www.debian.org/security/2020/dsa-4699
- https://www.debian.org/security/2020/dsa-4698
- https://usn.ubuntu.com/4419-1/
- https://usn.ubuntu.com/4414-1/
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4411-1/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lkml.org/lkml/2020/4/13/870
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html