Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119)
Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314)
David Alan Gilbert discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation in some circumstances. A local attacker could use this to cause a denial of service. (CVE-2020-14385)
Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120)
It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285)
It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641)
5.4.0-1028.29~18.04.15.4.0-1031.32~18.04.15.4.0-1028.29~18.04.15.4.0-51.56~18.04.15.4.0-1028.29~18.04.15.4.0-1021.24~18.04.15.4.0-51.565.4.0-1028.295.4.0-1031.325.4.0-1028.295.4.0-1026.275.4.0-1028.295.4.0-1021.24