RHSA-2020:4431MediumCVSS 7.8

Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Published
November 4, 2020
Last Modified
June 29, 2026

🔗 CVE IDs covered (51)

📋 Description

CVE-2019-9455 — kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure CVE-2019-9458 — kernel: use after free due to race condition in the video driver leads to local privilege escalation CVE-2019-12614 — kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service CVE-2019-15917 — kernel: use-after-free in drivers/bluetooth/hci_ldisc.c CVE-2019-15925 — kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg CVE-2019-16231 — kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c CVE-2019-16233 — kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c CVE-2019-18808 — kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c CVE-2019-18809 — kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c CVE-2019-19046 — kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c CVE-2019-19056 — kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS CVE-2019-19062 — kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS CVE-2019-19063 — kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS CVE-2019-19068 — kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS CVE-2019-19072 — kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS CVE-2019-19319 — kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c CVE-2019-19332 — Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid CVE-2019-19447 — kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c CVE-2019-19524 — kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free CVE-2019-19533 — kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c CVE-2019-19537 — kernel: race condition caused by a malicious USB device in the USB character device driver layer CVE-2019-19543 — kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c CVE-2019-19602 — kernel: cached use of fpu_fpregs_owner_ctx in arch/x86/include/asm/fpu/internal.h can lead to DoS CVE-2019-19767 — kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c CVE-2019-19770 — kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c CVE-2019-20054 — kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c CVE-2019-20636 — kernel: out-of-bounds write via crafted keycode table CVE-2019-20812 — kernel: af_packet: TPACKET_V3: invalid timer timeout on error CVE-2020-0305 — kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c CVE-2020-0444 — kernel: bad kfree in auditfilter.c may lead to escalation of privilege CVE-2020-8647 — kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c CVE-2020-8648 — kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c CVE-2020-8649 — kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c CVE-2020-10732 — kernel: uninitialized kernel data leak in userspace coredumps CVE-2020-10751 — kernel: SELinux netlink permission check bypass CVE-2020-10773 — kernel: kernel stack information leak on s390/s390x CVE-2020-10774 — kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features CVE-2020-10942 — kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field CVE-2020-11565 — kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c CVE-2020-11668 — kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c CVE-2020-12465 — kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c CVE-2020-12655 — kernel: sync of excessive duration via an XFS v5 image with crafted metadata CVE-2020-12659 — kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption CVE-2020-12770 — kernel: sg_write function lacks an sg_remove_request call in a certain failure case CVE-2020-12826 — kernel: possible to send arbitrary signals to a privileged (suidroot) parent process CVE-2020-14381 — kernel: referencing inode of removed superblock in get_futex_key() causes UAF CVE-2020-25641 — kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS CVE-2021-3715 — kernel: use-after-free in route4_change() in net/sched/cls_route.c CVE-2022-50219 — kernel: bpf: Fix KASAN use-after-free Read in compute_effective_progs CVE-2023-53585 — kernel: bpf: reject unhashed sockets in bpf_sk_assign CVE-2025-21727 — kernel: padata: fix UAF in padata_reorder

🔗 References (57)