Cyber Security, two new medium vulnerabilities on Linux Kernel

The Linux kernel has two medium-severity vulnerabilities that allow an actor to perform a denial of service (DoS) attack: CVE-2020-12888 and CVE-2020-13143

The Linux kernel has two medium-severity vulnerabilities that allow an actor to perform a denial of service (DoS) attack. They were announced by Cyber Security Help. The first (Improper Handling of Exceptional Conditions, CVE-2020-12888) exists because the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system. The second (Out-of-bounds read, CVE-2020-13143) is due to a boundary condition in “gadget_dev_desc_UDC_store” in the “drivers/usb/gadget/configfs.c” file. A remote attacker can trigger an out-of-bounds read error and cause a denial of service on the target system. In this last case, the flaw can be exploited by a remote non-authenticated attacker via the Internet. To mitigate the risks, it’s important to install updates from the vendor’s website.
