Open mend-bolt-for-github[bot] opened 2 years ago
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 05c0743befb9102e2ecb9fbd0fa8eb43eb8bb5ec
Found in base branch: master
/fs/romfs/storage.c /fs/romfs/storage.c /fs/romfs/storage.c
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
Publish Date: 2020-11-28
URL: CVE-2020-29371
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29371
Release Date: 2020-11-28
Fix Resolution: v5.9-rc2,v5.8.4,v5.7.18,v5.4.61
Step up your Open Source Security Game with Mend here
CVE-2020-29371 - Low Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.238
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 05c0743befb9102e2ecb9fbd0fa8eb43eb8bb5ec
Found in base branch: master
Vulnerable Source Files (3)
/fs/romfs/storage.c /fs/romfs/storage.c /fs/romfs/storage.c
Vulnerability Details
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
Publish Date: 2020-11-28
URL: CVE-2020-29371
CVSS 3 Score Details (3.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29371
Release Date: 2020-11-28
Fix Resolution: v5.9-rc2,v5.8.4,v5.7.18,v5.4.61
Step up your Open Source Security Game with Mend here