SB2020111142 - Fedora 33 update for kernel, kernel-headers, kernel-tools
Published: November 11, 2020 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2020-8694)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Linux kernel driver. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
Affected products:
|
Product Collection |
Vertical Segment |
CPUID |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Mobile |
906EC |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906EC |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
Desktop |
906EB |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0660 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0661 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
10th Generation Intel® Core™ Processor Family |
Desktop |
A0653 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0655 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0652 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A1 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A8 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
706E5 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile Embedded |
906E9 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
7th Generation Intel® Core™ Processor Family |
Desktop Embedded |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
Intel® Core™ X-series Processors |
Desktop |
906E9 |
|
Intel® Xeon® Processor E3 v6 Family |
Server Workstation AMT Server |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Desktop Embedded |
506E3 |
|
6th Generation Intel® Core™ Processors |
Mobile |
406E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
Intel® Xeon® Processor E3 v5 Family |
Server Workstation AMT Server |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EB |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EC |
2) Input validation error (CVE-ID: CVE-2020-27673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clear_linked(), consume_one_event(), __evtchn_fifo_handle_events() and evtchn_fifo_percpu_init() functions in drivers/xen/events/events_fifo.c, within the module_param(), DEFINE_RWLOCK(), enable_dynirq(), notify_remote_via_irq(), EXPORT_SYMBOL_GPL(), xen_irq_init(), xen_free_irq(), xen_send_IPI_one(), __xen_evtchn_do_upcall(), xen_setup_callback_vector(), xen_evtchn_cpu_prepare() and xen_init_IRQ() functions in drivers/xen/events/events_base.c, within the active_evtchns() and evtchn_2l_handle_events() functions in drivers/xen/events/events_2l.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2020-25668)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the con_font_op. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
4) Memory leak (CVE-ID: CVE-2020-25704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
5) Use-after-free (CVE-ID: CVE-2020-25656)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.
Remediation
Install update from vendor's website.