Simon Scannell discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges. (CVE-2020-27194) Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8694)
from Ubuntu Security Notices https://ift.tt/2GMMYFs
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.