Vulnerabilities > Linux > Linux Kernel > 2.6.12.5

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-14314 Out-of-bounds Read vulnerability in multiple products
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
5.5
2020-09-15 CVE-2020-14331 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur.
low complexity
linux redhat CWE-787
6.6
2020-09-13 CVE-2020-25285 NULL Pointer Dereference vulnerability in multiple products
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
4.4
2020-09-13 CVE-2020-25284 Incorrect Authorization vulnerability in multiple products
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
1.9
2020-09-09 CVE-2020-25212 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
4.4
2020-09-09 CVE-2020-25211 Classic Buffer Overflow vulnerability in multiple products
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
local
low complexity
linux debian fedoraproject CWE-120
6.0
2020-09-03 CVE-2020-10720 Use After Free vulnerability in Linux Kernel
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2.
local
low complexity
linux CWE-416
4.9
2020-08-19 CVE-2020-24394 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.
7.1
2020-07-30 CVE-2020-16166 Use of Insufficiently Random Values vulnerability in multiple products
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c.
3.7
2020-07-15 CVE-2020-15780 Missing Authorization vulnerability in multiple products
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7.
local
low complexity
linux opensuse canonical CWE-862
7.2