Linux Kernel 5.9.1 and earlier versions have data leaks and privilege vulnerabilities



Naija Tech News (NTN) on 26. Tags: Kernel 5.9.1, Linux, Linux kernel, Linux Kernel 5.9.1.

Multiple vulnerabilities have recently been disclosed in the Linux kernel that allow attackers to gain privileges and access confidential data and existing accounts without verification.

The following are the details of the vulnerabilities:

Vulnerability details

1. CVE-2020-26088 severity: high

NFC socket creation in net/nfc/rawsock.c lacks a CAP_NET_RAW check. Local attackers can use this to bypass the security mechanism, create raw sockets, gain privileges, and gain unauthorized access to confidential data and existing accounts.

2. CVE-2020-25645 severity: high

When IPsec is configured to encrypt communication on the specific UDP port used by a GENEVE tunnel, the communication between two GENEVE endpoints may not be encrypted, allowing anyone between the two endpoints to read the unencrypted communication. The main threat from this vulnerability is to data confidentiality.

3. CVE-2020-27673 severity: high

The vulnerability may cause a denial of service. Whenever an event is accepted by the kernel, another event can come in through the same event channel. If new events arrive at a high rate, the event processing loop may run for a long time. In extreme cases, this may cause the kernel to hang completely, causing a DoS (Denial of Service) on the host when dom0 is affected.

4. CVE-2020-27675 severity: high

The Linux kernel event channel processing code does not protect event processing against the same event channel being deleted in parallel.

This may lead to access to memory that has already been freed or to a NULL pointer dereference in the event handling code, which may lead to system misbehavior or even crashes.

5. CVE-2020-25643 severity: high

A vulnerability was found in the HDLC_PPP module. Incorrect input validation in the ppp_cp_parse_cr function can cause memory corruption and read overflow, which may cause system crashes or denial of service. The biggest threat from this vulnerability is to data confidentiality and integrity and to system availability.

Affected products and versions

These vulnerabilities affect Linux Kernel 5.9.1 and earlier (Linux release 4.6 kernel and above) in the following Linux distributions:

RedHat RHEL 8,

Ubuntu Bionic (18.04) and higher,

Debian 9 and 10,

CentOS 8,

Fedora and other Linux distributions based on these kernels will be affected.

Solution

Upgrade to Linux kernel 5.9.1 or later to fix the above vulnerabilities.
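A behavioural check for item 1 (CVE-2020-26088) that can be run as an unprivileged user after upgrading, added here as an example and not taken from the kernel sources or any vendor advisory: it reports whether the kernel refuses NFC raw socket creation to a caller without CAP_NET_RAW. The names `probe_nfc_raw`, `classify`, `capeff_has_net_raw` and `NFC_PROTO_RAW` are this example's own, and it assumes a Linux libc whose `<sys/socket.h>` defines `AF_NFC`.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define NFC_PROTO_RAW 0      /* local name for NFC_SOCKPROTO_RAW in <linux/nfc.h> */
#define CAP_NET_RAW_BIT 13   /* CAP_NET_RAW in <linux/capability.h> */

enum verdict { CHECK_ENFORCED, CHECK_MISSING, NFC_UNAVAILABLE, INCONCLUSIVE };

/* Read CapEff from /proc/<pid>/status text: 1 = CAP_NET_RAW held, 0 = not, -1 = unknown. */
int capeff_has_net_raw(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    unsigned long long mask;
    if (!p || sscanf(p + 7, "%llx", &mask) != 1)
        return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1);
}

/* Decide what the socket() outcome means for a caller with the given capability state. */
enum verdict classify(int have_cap, int fd, int err)
{
    if (have_cap != 0) return INCONCLUSIVE;     /* privileged or unknown: proves nothing */
    if (fd >= 0) return CHECK_MISSING;          /* raw socket created without CAP_NET_RAW */
    if (err == EPERM) return CHECK_ENFORCED;    /* kernel refused the unprivileged caller */
    if (err == EAFNOSUPPORT || err == EPROTONOSUPPORT) return NFC_UNAVAILABLE;
    return INCONCLUSIVE;
}

enum verdict probe_nfc_raw(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    int fd = socket(AF_NFC, SOCK_RAW, NFC_PROTO_RAW);
    int err = errno;
    if (fd >= 0) close(fd);                     /* nothing is sent; close immediately */
    return classify(capeff_has_net_raw(buf), fd, err);
}

int main(void)
{
    static const char *msg[] = { "check enforced", "CHECK MISSING", "NFC unavailable", "inconclusive" };
    puts(msg[probe_nfc_raw()]);
    return 0;
}
```

Because the probe tests behaviour rather than the version string, it also covers distribution kernels that keep an older version number but carry the fix.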
