6.5

CVE-2020-13143

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.16 <= 5.6.13
OpensuseLeap Version15.1
OpensuseLeap Version15.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappCloud Backup Version-
NetappElement Software Version-
NetappSolidfire Version-
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
NetappA700s Firmware Version-
   NetappA700s Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH610c Firmware Version-
   NetappH610c Version-
NetappH610s Firmware Version-
   NetappH610s Version-
NetappH615c Firmware Version-
   NetappH615c Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.51% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20200608-0001/
Third Party Advisory
https://usn.ubuntu.com/4414-1/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2020/dsa-4698
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2020/dsa-4699
Third Party Advisory
https://usn.ubuntu.com/4419-1/
Third Party Advisory
https://usn.ubuntu.com/4411-1/
Third Party Advisory
https://usn.ubuntu.com/4412-1/
Third Party Advisory
https://usn.ubuntu.com/4413-1/
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c
Patch
Vendor Advisory
Mailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f
Patch
Vendor Advisory
https://www.spinics.net/lists/linux-usb/msg194331.html
Third Party Advisory