RHSA-2020:4060HighCVSS 8.1

Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Published
September 29, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (46)

📋 Description

CVE-2017-18551 — kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c CVE-2018-20836 — kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free CVE-2019-9454 — kernel: out of bounds write in i2c driver leads to local escalation of privilege CVE-2019-9458 — kernel: use after free due to race condition in the video driver leads to local privilege escalation CVE-2019-12614 — kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service CVE-2019-15217 — kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver CVE-2019-15807 — kernel: Memory leak in drivers/scsi/libsas/sas_expander.c CVE-2019-15917 — kernel: use-after-free in drivers/bluetooth/hci_ldisc.c CVE-2019-16231 — kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c CVE-2019-16233 — kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c CVE-2019-16994 — kernel: Memory leak in sit_init_net() in net/ipv6/sit.c CVE-2019-17053 — kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol CVE-2019-17055 — kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol CVE-2019-18808 — kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c CVE-2019-19046 — kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c CVE-2019-19055 — kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS CVE-2019-19058 — kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS CVE-2019-19059 — kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS CVE-2019-19062 — kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS CVE-2019-19063 — kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS CVE-2019-19332 — Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid CVE-2019-19447 — kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c CVE-2019-19523 — kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver CVE-2019-19524 — kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free CVE-2019-19530 — kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver CVE-2019-19534 — kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver CVE-2019-19537 — kernel: race condition caused by a malicious USB device in the USB character device driver layer CVE-2019-19767 — kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c CVE-2019-19807 — kernel: use-after-free in sound/core/timer.c CVE-2019-20054 — kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c CVE-2019-20095 — kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c CVE-2019-20636 — kernel: out-of-bounds write via crafted keycode table CVE-2020-1749 — kernel: some ipv6 protocols not encrypted over ipsec tunnel CVE-2020-2732 — Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources CVE-2020-8647 — kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c CVE-2020-8649 — kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c CVE-2020-9383 — kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c CVE-2020-10690 — kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open CVE-2020-10732 — kernel: uninitialized kernel data leak in userspace coredumps CVE-2020-10742 — kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic CVE-2020-10751 — kernel: SELinux netlink permission check bypass CVE-2020-10942 — kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field CVE-2020-11565 — kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c CVE-2020-12770 — kernel: sg_write function lacks an sg_remove_request call in a certain failure case CVE-2020-12826 — kernel: possible to send arbitrary signals to a privileged (suidroot) parent process CVE-2020-14305 — kernel: memory corruption in Voice over IP nf_conntrack_h323 module

🔗 References (60)