CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
CVE-2020-0427
Elena Petrova reported a bug in the pinctrl subsystem that can
lead to a use-after-free after a device is renamed. The security
impact of this is unclear.
CVE-2020-8694
Multiple researchers discovered that the powercap subsystem
allowed all users to read CPU energy meters, by default. On
systems using Intel CPUs, this provided a side channel that could
leak sensitive information between user processes, or from the
kernel to user processes. The energy meters are now readable only
by root, by default.
This issue can be mitigated by running:
chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj
This needs to be repeated each time the system is booted with
an unfixed kernel version.
CVE-2020-14351
A race condition was discovered in the performance events
subsystem, which could lead to a use-after-free. A local user
permitted to access performance events could use this to cause a
denial of service (crash or memory corruption) or possibly for
privilege escalation.
Debian's kernel configuration does not allow unprivileged users to
access peformance events by default, which fully mitigates this
issue.
CVE-2020-25645
A flaw was discovered in the interface driver for GENEVE
encapsulated traffic when combined with IPsec. If IPsec is
configured to encrypt traffic for the specific UDP port used by the
GENEVE tunnel, tunneled data isn't correctly routed over the
encrypted link and sent unencrypted instead.
CVE-2020-25656
Yuan Ming and Bodong Zhao discovered a race condition in the
virtual terminal (vt) driver that could...
4.9.246-1