5.4.201

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-30	CVE-2020-16166	Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. network high complexity linux opensuse fedoraproject debian canonical netapp oracle CWE-330	3.7
2020-05-22	CVE-2020-10711	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. network high complexity linux redhat debian opensuse canonical CWE-476	5.9
2020-05-18	CVE-2020-13143	Out-of-bounds Read vulnerability in multiple products gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. network low complexity linux opensuse debian canonical netapp CWE-125	6.5
2020-05-15	CVE-2020-12888	Improper Handling of Exceptional Conditions vulnerability in multiple products The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. local high complexity linux fedoraproject opensuse debian canonical netapp CWE-755	5.3
2020-05-09	CVE-2020-12770	An issue was discovered in the Linux kernel through 5.6.11. local low complexity linux fedoraproject canonical debian netapp	6.7
2020-05-09	CVE-2020-12768	Memory Leak vulnerability in multiple products An issue was discovered in the Linux kernel before 5.6. local low complexity linux canonical debian CWE-401	5.5
2020-05-08	CVE-2020-10690	Use After Free vulnerability in multiple products There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. local high complexity linux redhat debian canonical opensuse netapp CWE-416	6.4
2020-05-05	CVE-2020-12656	Memory Leak vulnerability in multiple products gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. local low complexity linux canonical opensuse CWE-401	5.5
2020-05-05	CVE-2020-12655	Infinite Loop vulnerability in Linux Kernel An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. local low complexity linux CWE-835	5.5
2020-04-12	CVE-2020-11725	Unspecified vulnerability in Linux Kernel snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. local low complexity linux	7.8