Linux Kernel 5.9.1 and earlier versions have data leaks and privilege vulnerabilities
Naija Tech News (NTN) on 26
Multiple vulnerabilities have recently been disclosed in the Linux kernel that allow attackers to gain privileges and access confidential data and existing accounts without verification.
The following are the details of the vulnerabilities:
1. CVE-2020-26088 severity: high
NFC socket creation in net/nfc/rawsock.c lacks a CAP_NET_RAW check. Local attackers can use this to bypass the security mechanism and create raw sockets, gain privileges, and gain unauthorized access to confidential data and existing accounts.
2. CVE-2020-25645 severity: high
When IPsec is configured to encrypt communication on a specific UDP port used by the GENEVE tunnel, the communication between two GENEVE endpoints may not be encrypted, allowing anyone between the two endpoints to read the unencrypted communication. The main threat from this vulnerability is to the confidentiality of data.
3. CVE-2020-27673 severity: high
The vulnerability may cause a denial of service. Whenever an event is accepted by the kernel, another event can come in through the same event channel. If new events arrive at a high rate, the event processing loop may run for a long time. In extreme cases, this may cause the kernel to hang completely, causing a DoS (Denial of Service) on the host when dom0 is affected.
4. CVE-2020-27675 severity: high
The Linux kernel event channel processing code does not protect the handling of an event against the same event channel being removed in parallel.
This may lead to access to memory that has already been freed or to a NULL pointer dereference in the event handling code, which may lead to system misbehavior or even crashes.
5. CVE-2020-25643 severity: high
A vulnerability was found in the HDLC_PPP module. Improper input validation in the ppp_cp_parse_cr function can cause memory corruption and a read overflow, which may cause system crashes or denial of service. The greatest threat from this vulnerability is to data confidentiality and integrity and system availability.
Affected products and versions
These vulnerabilities affect Linux Kernel 5.9.1 and earlier (Linux kernel release 4.6 and above) in the following Linux distributions:
RedHat RHEL 8,
Ubuntu Bionic (18.04) and higher,
Debian 9 and 10,
Fedora and other Linux distributions based on these kernels.
Upgrade to Linux kernel 5.9.1 or later to fix the above vulnerabilities.
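A first-pass triage of a host against the list above, as an added example that is not part of the original article: it compares the running kernel release with the affected range stated above (4.6 through 5.9.1) and reports which of the named components are loaded. The function names are hypothetical, and the module names nfc, geneve and hdlc_ppp and the /sys/hypervisor/type check for Xen are assumptions of this example.

```shell
#!/bin/sh
# Added triage example (not from the article). Distribution kernels often
# carry backported fixes, so treat the version range as a first-pass filter
# and confirm against the vendor advisory for each CVE.

# "5.4.0-52-generic" -> 5004000, so releases compare as integers.
ver_to_int() {
    v=${1%%[!0-9.]*}          # drop everything from the first non-version char
    old_ifs=$IFS; IFS=.
    set -- $v                 # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Prints "yes" if the release lies in the range the article gives (4.6 to 5.9.1).
in_affected_range() {
    n=$(ver_to_int "$1")
    if [ "$n" -ge "$(ver_to_int 4.6)" ] && [ "$n" -le "$(ver_to_int 5.9.1)" ]; then
        echo yes
    else
        echo no
    fi
}

# Reads /proc/modules-format text on stdin and prints the loaded modules that
# correspond to CVEs in the list. Built-in (non-module) code will not show up.
loaded_components() {
    while read -r name _rest; do
        case $name in
            nfc)      echo "nfc CVE-2020-26088" ;;
            geneve)   echo "geneve CVE-2020-25645" ;;
            hdlc_ppp) echo "hdlc_ppp CVE-2020-25643" ;;
        esac
    done
}

triage() {
    rel=${1:-$(uname -r)}
    echo "kernel $rel in range 4.6..5.9.1: $(in_affected_range "$rel")"
    if [ -r /proc/modules ]; then loaded_components < /proc/modules; fi
    # The event channel CVEs matter only when running on Xen.
    if [ -r /sys/hypervisor/type ] && [ "$(cat /sys/hypervisor/type)" = xen ]; then
        echo "xen CVE-2020-27673 CVE-2020-27675"
    fi
    return 0
}

triage
```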