Vulnerabilities > CVE-2020-1749 - Cleartext Transmission of Sensitive Information vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
linux
redhat
CWE-319
nessus
NVD
Published: 2020-09-09
Updated: 2023-11-07

Summary

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Vulnerable Configurations

Part Description Count
OS
Linux
1
OS
Redhat
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Harvesting Usernames or UserIDs via Application API Event Monitoring
    An attacker hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the attacker creating an event within the sub-application. Assume the attacker hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via MITM proxy the user_ids and usernames of everyone who attends. The attacker would then be able to spam those users within the application using an automated script.
  • Signature Spoofing by Mixing Signed and Unsigned Content
    An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
  • Passively Sniff and Capture Application Code Bound for Authorized Client
    Attackers can capture application code bound for the client and can use it, as-is or through reverse-engineering, to glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4391-1.NASL
    descriptionIt was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137301
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137301
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4391-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1769.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1769 advisory. - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090) - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099) - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221) - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053) - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805) - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057) - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073) - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074) - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534) - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922) - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980) - kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-03
    modified2020-04-29
    plugin id136115
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136115
    titleRHEL 8 : kernel (RHSA-2020:1769)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4388-1.NASL
    descriptionIt was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137298
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137298
    titleUbuntu 18.04 LTS : linux-gke-5.0, linux-oem-osp1 vulnerabilities (USN-4388-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1377.NASL
    descriptionIn the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.(CVE-2019-19319) In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768) A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751) An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.(CVE-2020-12770) A flaw was found in the Linux kernel
    last seen2020-06-10
    modified2020-06-04
    plugin id137100
    published2020-06-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137100
    titleAmazon Linux AMI : kernel (ALAS-2020-1377)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1508.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.(CVE-2020-0067) - An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.(CVE-2020-11669) - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.(CVE-2020-11668) - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.(CVE-2019-20636) - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.(CVE-2020-11608) - An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.(CVE-2020-11609) - A flaw was found in the Linux kernel
    last seen2020-05-03
    modified2020-04-20
    plugin id135741
    published2020-04-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135741
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1508)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1567.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1567 advisory. - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090) - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099) - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221) - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053) - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805) - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057) - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073) - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074) - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534) - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922) - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980) - kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-03
    modified2020-04-29
    plugin id136116
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136116
    titleRHEL 8 : kernel-rt (RHSA-2020:1567)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1536.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.(CVE-2019-19536) - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.(CVE-2019-19535) - vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.(CVE-2019-19252) - In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.(CVE-2019-19227) - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060) - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.(CVE-2019-19534) - In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.(CVE-2019-19529) - In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.(CVE-2019-19526) - In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.(CVE-2019-19525) - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.(CVE-2019-19532) - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.(CVE-2019-19527) - ** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.(CVE-2019-11191) - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.(CVE-2019-19524) - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16232) - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16231) - ** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id.(CVE-2019-16229) - Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.(CVE-2019-10220) - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.(CVE-2019-14901) - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.(CVE-2019-19767) - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2019-14895) - Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a Transaction Asynchronous Abort (TAA) h/w issue in KVM. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.(CVE-2019-19338) - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11135) - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel
    last seen2020-05-08
    modified2020-05-01
    plugin id136239
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136239
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2241.NASL
    descriptionThis update is now available for all supported architectures. For reference the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8839 A race condition was found in the ext4 filesystem implementation. A local user could exploit this to cause a denial of service (filesystem corruption). CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613 Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes could trigger a crash (Oops) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19447 It was discovered that the ext4 filesystem driver did not safely handle unlinking of an inode that, due to filesystem corruption, already has a link count of 0. An attacker able to mount arbitrary ext4 volumes could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-19768 Tristan Madani reported a race condition in the blktrace debug facility that could result in a use-after-free. A local user able to trigger removal of block devices could possibly use this to cause a denial of service (crash) or for privilege escalation. CVE-2019-20636 The syzbot tool found that the input subsystem did not fully validate keycode changes, which could result in a heap out-of-bounds write. A local user permitted to access the device node for an input or VT device could possibly use this to cause a denial of service (crash or memory corruption) or for privilege escalation. CVE-2020-0009 Jann Horn reported that the Android ashmem driver did not prevent read-only files from being memory-mapped and then remapped as read-write. However, Android drivers are not enabled in Debian kernel configurations. CVE-2020-0543 Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU. Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian
    last seen2020-06-13
    modified2020-06-10
    plugin id137283
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137283
    titleDebian DLA-2241-2 : linux security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4390-1.NASL
    descriptionIt was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137300
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137300
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, (USN-4390-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1431.NASL
    descriptionIn the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.(CVE-2019-19319) In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768) A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751) An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.(CVE-2020-12770) A flaw was found in the Linux kernel
    last seen2020-06-10
    modified2020-06-04
    plugin id137088
    published2020-06-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137088
    titleAmazon Linux 2 : kernel (ALAS-2020-1431)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0868-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_124 fixes several issues. The following security issues were fixed : CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-10
    modified2020-04-06
    plugin id135224
    published2020-04-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135224
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2020:0868-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-163-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-06-13
    modified2020-06-12
    plugin id137391
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137391
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)

Redhat

rpms
  • kernel-rt-0:4.18.0-193.rt13.51.el8
  • kernel-rt-core-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-core-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-debuginfo-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-devel-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-kvm-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-modules-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debug-modules-extra-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debuginfo-0:4.18.0-193.rt13.51.el8
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.rt13.51.el8
  • kernel-rt-devel-0:4.18.0-193.rt13.51.el8
  • kernel-rt-kvm-0:4.18.0-193.rt13.51.el8
  • kernel-rt-modules-0:4.18.0-193.rt13.51.el8
  • kernel-rt-modules-extra-0:4.18.0-193.rt13.51.el8
  • bpftool-0:4.18.0-193.el8
  • bpftool-debuginfo-0:4.18.0-193.el8
  • kernel-0:4.18.0-193.el8
  • kernel-abi-whitelists-0:4.18.0-193.el8
  • kernel-core-0:4.18.0-193.el8
  • kernel-cross-headers-0:4.18.0-193.el8
  • kernel-debug-0:4.18.0-193.el8
  • kernel-debug-core-0:4.18.0-193.el8
  • kernel-debug-debuginfo-0:4.18.0-193.el8
  • kernel-debug-devel-0:4.18.0-193.el8
  • kernel-debug-modules-0:4.18.0-193.el8
  • kernel-debug-modules-extra-0:4.18.0-193.el8
  • kernel-debuginfo-0:4.18.0-193.el8
  • kernel-debuginfo-common-aarch64-0:4.18.0-193.el8
  • kernel-debuginfo-common-ppc64le-0:4.18.0-193.el8
  • kernel-debuginfo-common-s390x-0:4.18.0-193.el8
  • kernel-debuginfo-common-x86_64-0:4.18.0-193.el8
  • kernel-devel-0:4.18.0-193.el8
  • kernel-doc-0:4.18.0-193.el8
  • kernel-headers-0:4.18.0-193.el8
  • kernel-modules-0:4.18.0-193.el8
  • kernel-modules-extra-0:4.18.0-193.el8
  • kernel-tools-0:4.18.0-193.el8
  • kernel-tools-debuginfo-0:4.18.0-193.el8
  • kernel-tools-libs-0:4.18.0-193.el8
  • kernel-tools-libs-devel-0:4.18.0-193.el8
  • kernel-zfcpdump-0:4.18.0-193.el8
  • kernel-zfcpdump-core-0:4.18.0-193.el8
  • kernel-zfcpdump-debuginfo-0:4.18.0-193.el8
  • kernel-zfcpdump-devel-0:4.18.0-193.el8
  • kernel-zfcpdump-modules-0:4.18.0-193.el8
  • kernel-zfcpdump-modules-extra-0:4.18.0-193.el8
  • perf-0:4.18.0-193.el8
  • perf-debuginfo-0:4.18.0-193.el8
  • python3-perf-0:4.18.0-193.el8
  • python3-perf-debuginfo-0:4.18.0-193.el8

References