nanopathi / linux-4.19.72_CVE-2020-29370

Other
0 stars 0 forks source link

CVE-2020-35519 (High) detected in linuxlinux-4.19.236 #282

Open mend-bolt-for-github[bot] opened 2 years ago

mend-bolt-for-github[bot] commented 2 years ago

CVE-2020-35519 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.236

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: a9ef12c01434b7acb272409c3025b43fd5b29138

Found in base branch: master

Vulnerable Source Files (2)

/net/x25/af_x25.c /net/x25/af_x25.c

Vulnerability Details

An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Publish Date: 2021-05-06

URL: CVE-2020-35519

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2020-35519

Release Date: 2021-05-06

Fix Resolution: v4.4.248, v4.9.248, v4.14.211, v4.19.162, v5.4.82, v5.9.13, v5.10-rc7


Step up your Open Source Security Game with Mend here