Linux Kernel has two medium-severity vulnerabilities that allow an actor to perform a denial of service (DoS) attack: CVE-2020-12888 and CVE-2020-13143
The Linux kernel has two medium-severity vulnerabilities that allow an actor to perform a denial of service (DoS) attack. They have been announced by Cyber Security Help. The first (Improper Handling of Exceptional Conditions, CVE-2020-12888) exists because the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system. The second (Out-of-bounds read, CVE-2020-13143) exists due to a boundary condition in “gadget_dev_desc_UDC_store” in the “drivers/usb/gadget/configfs.c” file. A remote attacker can trigger an out-of-bounds read error and cause a denial of service on the target system. In this last case, the flaw can be exploited by a remote non-authenticated attacker via the Internet. To mitigate the risks, it’s important to install updates from the vendor’s website.