Multiple vulnerabilities have recently been disclosed in the Linux kernel that allow attackers to gain privileges and access confidential data and existing accounts without verification.
The following are the details of the vulnerabilities:
Vulnerability details
1. CVE-2020-26088 severity: high
The NFC socket creation code in net/nfc/rawsock.c lacks a CAP_NET_RAW check. Local attackers can use it to bypass the security mechanism and create raw sockets, gaining privileges and unauthorized access to confidential data and existing accounts.
2. CVE-2020-25645 severity: high
When IPsec is configured to encrypt communication on the specific UDP port used by a GENEVE tunnel, the communication between two GENEVE endpoints may not be encrypted, allowing anyone between the two endpoints to read the unencrypted communication. The main threat from this vulnerability is to the confidentiality of data.
3. CVE-2020-27673 severity: high
The vulnerability may cause a denial of service. Whenever an event is accepted by the kernel, another event can arrive through the same event channel. If new events arrive at a high rate, the event processing loop may run for a long time. In extreme cases, this may cause the kernel to hang completely, causing a DoS (Denial of Service) on the host when dom0 is affected.
4. CVE-2020-27675 severity: high
The Linux kernel event channel processing code does not protect event processing against the same event channel being deleted in parallel. This may lead to access to a memory area that has already been freed, or to a null pointer dereference in the event handling code, which may lead to system misbehavior or even crashes.
5. CVE-2020-25643 severity: high
A vulnerability was found in the HDLC_PPP module. Incorrect input validation in the ppp_cp_parse_cr function can cause memory corruption and a read overflow, which may cause system crashes or denial of service. The biggest threat from this vulnerability is to data confidentiality and integrity and to system availability.
Affected products and versions
These vulnerabilities affect Linux kernel 5.9.1 and earlier (kernel release 4.6 and above). Affected Linux distributions:
RedHat RHEL 8
Ubuntu Bionic (18.04) and higher
Debian 9 and 10
CentOS 8
Fedora, and other Linux distributions based on these kernels
Solution
Upgrade to Linux kernel 5.9.1 or later to fix the above vulnerabilities.
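To decide which hosts to upgrade first, the following added example (not part of the original advisory) compares a kernel release string against the fixed version stated above and lists which of the three module-backed issues have their component loaded. The module names nfc, geneve and hdlc_ppp are the upstream kernel names for those components, the sample module list is constructed, and the two event channel issues are not covered.

```shell
#!/bin/sh
# Added example, not from the advisory: exposure triage for CVE-2020-26088,
# CVE-2020-25645 and CVE-2020-25643.
FIXED=5.9.1   # fixed release as stated in the Solution section of this page

# version_lt A B: succeed when kernel release A is older than B.
# Distro suffixes ("-48-generic", "-193.el8.x86_64", "+") are ignored.
version_lt() {
    a=${1%%[-+]*}
    b=${2%%[-+]*}
    if [ "$a" = "$b" ]; then return 1; fi
    first=$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$a" ]
}

# exposed_cves: read /proc/modules-format text on stdin (column 1 = module
# name) and print the advisory CVEs whose component is loaded as a module.
# Components compiled into the kernel do not appear in /proc/modules.
exposed_cves() {
    awk '
        $1 == "nfc"      { print "CVE-2020-26088 nfc" }
        $1 == "geneve"   { print "CVE-2020-25645 geneve" }
        $1 == "hdlc_ppp" { print "CVE-2020-25643 hdlc_ppp" }
    '
}

# triage RELEASE < modules-list: print one line per finding.
triage() {
    if version_lt "$1" "$FIXED"; then
        # Distribution kernels backport fixes, so an older version number is
        # a reason to check the vendor advisory, not proof of exposure.
        echo "kernel $1 is older than $FIXED: check vendor advisory for backports"
    fi
    exposed_cves
}

# Constructed sample in /proc/modules format (not taken from a real host).
SAMPLE='nfc 131072 0 - Live 0x0000000000000000
geneve 40960 0 - Live 0x0000000000000000
ext4 745472 1 - Live 0x0000000000000000'

printf '%s\n' "$SAMPLE" | triage 5.4.0-48-generic
# On a live host: triage "$(uname -r)" < /proc/modules
```

A module that is not needed on a host can be unloaded and blocked from loading until the kernel is upgraded.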