VAR-202102-0068
Vulnerability from variot - Updated: 2025-12-22 20:43Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2021:1739-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1739 Issue date: 2021-05-18 CVE Names: CVE-2019-19523 CVE-2019-19528 CVE-2020-0431 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-14314 CVE-2020-14356 CVE-2020-15437 CVE-2020-24394 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25704 CVE-2020-27786 CVE-2020-27835 CVE-2020-28974 CVE-2020-35508 CVE-2021-0342 ==================================================================== 1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
-
kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
-
kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)
-
kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
-
kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)
-
kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
-
kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)
-
kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
-
kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)
-
kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
-
kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
-
kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
-
kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)
-
kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)
-
kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)
-
kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
-
kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
-
kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)
-
kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
-
kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting
-
->real_parent (CVE-2020-35508)
-
kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)
-
kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver 1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver 1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c 1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c 1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter 1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem 1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component 1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support 1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code 1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow 1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c 1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices 1886109 - BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 [rhel-rt-8.4.0] 1894793 - After configure hugepage and reboot test server, kernel got panic status. 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory 1896842 - host locks up when running stress-ng itimers on RT kernel. 1897869 - Running oslat in RT guest, guest kernel shows Call Trace: INFO: task kcompactd0:35 blocked for more than 600 seconds. 1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem 1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c 1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent 1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon 1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege 1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
- Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source: kernel-rt-4.18.0-305.rt7.72.el8.src.rpm
x86_64: kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source: kernel-rt-4.18.0-305.rt7.72.el8.src.rpm
x86_64: kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKPwgNzjgjWX9erEAQiOVg//YfXIKUxc84y2aRexvrPHeTQvYkFMktq7 NEhNhHqEZbDUabM5+eKb5hoyG44PmXvQuK1njYjEbpTjQss92U8fekGJZAR9Zbsl WEfVcu/ix/UJOzQj/lp+dKhirBSE/33xgBmSsQI6JQc+xn1AoZC8bOeSqyr7J6Y7 t6I552Llhun9DDUGS8KYAM8PkrK3RGQybAS3S4atTdYd0qk42ZPF7/XqrbI7G4iq 0Oe+ZePj6lN1O7pHV0WYUD2yzLTCZZopmz5847BLBEbGLqPyxlShZ+MFGsWxCOHk tW8lw/nqVt/MNlOXI1tD6P6iFZ6JQYrRU5mGFlvsl3t9NQW60MxmcUNPgtVknXW5 BssBM/r6uLi0yFTTnDRZnv2MCs7fIzzqKXOHozrCvItswG6S8Qs72MaW2EQHAEen m7/fMKWTjt9CQudNCm/FwHLb8O9cYnOZwRiAINomo2B/Fi1b7WlquETSmjgQaQNr RxqtgiNQ98q92gnFgC8pCzxmiKRmHLFJEuxXYVq0O8Ch5i/eC8ExoO7Hqe6kYnJe ZaST6fAtb2bMDcPdborfSIUmuDcYdKFtcEfCuuFZIbBxnL2aJDMw0zen/rmDNQyV lwwXoKanoP5EjKKFMc/zkeHlOInMzeHa/0DIlA9h3kpro5eGN0uOPZvsrlryjC+J iJzkORGWplM\xfb/D -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
-
7.7) - ppc64, ppc64le, x86_64
-
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
-
kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
RHEL7.7 - s390/dasd: Fix zero write for FBA devices (BZ#1931440)
-
Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1961623)
-
Bugs fixed (https://bugzilla.redhat.com/):
1901168 - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
-
6 ELS) - i386, s390x, x86_64
Bug Fix(es):
-
kernel-rt: update RT source tree to the latest RHEL-8.2.z9 Batch source tree (BZ#1949685)
Bug Fix(es):
-
RHEL8.3 - Include patch: powerpc/pci: Remove LSI mappings on device teardown (xive/pci) (BZ#1931925)
-
RHEL8.2 - [P10][Denali] System crash during a perf sanity test (perf:) (BZ#1933995)
-
[RHEL 8.1] AMD/EPYC nested guest virtualization L1 guest crash (BZ#1945404)
-
[HPEMC 8.1 REGRESSION] skx_uncore: probe of 0008:80:08.0 failed with error -22 (BZ#1947114)
-
iperf3 over geneve created on vlan would fail (BZ#1947979)
-
[Azure][RHEL-8]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1952071)
-
[HPEMC 8.4 REGRESSION]: perf/x86/intel/uncore kernel panic vulnerability on Haswell and Broadwell servers (BZ#1956685)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "graphics drivers",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "26.20.100.7212"
},
{
"model": "intel graphics drivers",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "for linux kernel 5.5"
},
{
"model": "intel graphics drivers",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel graphics drivers",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "for windows 26.20.100.7212"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162654"
},
{
"db": "PACKETSTORM",
"id": "162626"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163248"
},
{
"db": "PACKETSTORM",
"id": "163578"
},
{
"db": "PACKETSTORM",
"id": "163018"
},
{
"db": "PACKETSTORM",
"id": "162907"
},
{
"db": "PACKETSTORM",
"id": "162916"
}
],
"trust": 0.9
},
"cve": "CVE-2020-12362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12362",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-165033",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12362",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-12362",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12362",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-12362",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-165033",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel-rt security and bug fix update\nAdvisory ID: RHSA-2021:1739-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1739\nIssue date: 2021-05-18\nCVE Names: CVE-2019-19523 CVE-2019-19528 CVE-2020-0431\n CVE-2020-11608 CVE-2020-12114 CVE-2020-12362\n CVE-2020-12464 CVE-2020-14314 CVE-2020-14356\n CVE-2020-15437 CVE-2020-24394 CVE-2020-25212\n CVE-2020-25284 CVE-2020-25285 CVE-2020-25643\n CVE-2020-25704 CVE-2020-27786 CVE-2020-27835\n CVE-2020-28974 CVE-2020-35508 CVE-2021-0342\n====================================================================\n1. Summary:\n\nAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Real Time (v. 8) - x86_64\nRed Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: use-after-free caused by a malicious USB device in the\ndrivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n* kernel: use-after-free bug caused by a malicious USB device in the\ndrivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n* kernel: possible out of bounds write in kbd_keycode of keyboard.c\n(CVE-2020-0431)\n\n* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n* kernel: use-after-free in usb_sg_cancel function in\ndrivers/usb/core/message.c (CVE-2020-12464)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: Use After Free vulnerability in cgroup BPF component\n(CVE-2020-14356)\n\n* kernel: NULL pointer dereference in serial8250_isa_init_ports function in\ndrivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n* kernel: umask not applied on filesystem without ACL support\n(CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n* kernel: incomplete permission checking for access to rbd devices\n(CVE-2020-25284)\n\n* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c\n(CVE-2020-25285)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to\nmemory corruption and read overflow (CVE-2020-25643)\n\n* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n* kernel: child process is able to access parent mm through hfi dev file\nhandle (CVE-2020-27835)\n\n* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting\n- -\u003ereal_parent (CVE-2020-35508)\n\n* kernel: use after free in tun_get_user of tun.c could lead to local\nescalation of privilege (CVE-2021-0342)\n\n* kernel: NULL pointer dereferences in ov511_mode_init_regs and\nov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver\n1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c\n1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c\n1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter\n1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem\n1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component\n1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support\n1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code\n1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow\n1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c\n1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices\n1886109 - BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 [rhel-rt-8.4.0]\n1894793 - After configure hugepage and reboot test server, kernel got panic status. \n1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory\n1896842 - host locks up when running stress-ng itimers on RT kernel. \n1897869 - Running oslat in RT guest, guest kernel shows Call Trace: INFO: task kcompactd0:35 blocked for more than 600 seconds. \n1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem\n1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c\n1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle\n1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent\n1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon\n1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege\n1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c\n1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers\n\n6. Package List:\n\nRed Hat Enterprise Linux Real Time for NFV (v. 8):\n\nSource:\nkernel-rt-4.18.0-305.rt7.72.el8.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\n\nRed Hat Enterprise Linux Real Time (v. 8):\n\nSource:\nkernel-rt-4.18.0-305.rt7.72.el8.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-19523\nhttps://access.redhat.com/security/cve/CVE-2019-19528\nhttps://access.redhat.com/security/cve/CVE-2020-0431\nhttps://access.redhat.com/security/cve/CVE-2020-11608\nhttps://access.redhat.com/security/cve/CVE-2020-12114\nhttps://access.redhat.com/security/cve/CVE-2020-12362\nhttps://access.redhat.com/security/cve/CVE-2020-12464\nhttps://access.redhat.com/security/cve/CVE-2020-14314\nhttps://access.redhat.com/security/cve/CVE-2020-14356\nhttps://access.redhat.com/security/cve/CVE-2020-15437\nhttps://access.redhat.com/security/cve/CVE-2020-24394\nhttps://access.redhat.com/security/cve/CVE-2020-25212\nhttps://access.redhat.com/security/cve/CVE-2020-25284\nhttps://access.redhat.com/security/cve/CVE-2020-25285\nhttps://access.redhat.com/security/cve/CVE-2020-25643\nhttps://access.redhat.com/security/cve/CVE-2020-25704\nhttps://access.redhat.com/security/cve/CVE-2020-27786\nhttps://access.redhat.com/security/cve/CVE-2020-27835\nhttps://access.redhat.com/security/cve/CVE-2020-28974\nhttps://access.redhat.com/security/cve/CVE-2020-35508\nhttps://access.redhat.com/security/cve/CVE-2021-0342\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPwgNzjgjWX9erEAQiOVg//YfXIKUxc84y2aRexvrPHeTQvYkFMktq7\nNEhNhHqEZbDUabM5+eKb5hoyG44PmXvQuK1njYjEbpTjQss92U8fekGJZAR9Zbsl\nWEfVcu/ix/UJOzQj/lp+dKhirBSE/33xgBmSsQI6JQc+xn1AoZC8bOeSqyr7J6Y7\nt6I552Llhun9DDUGS8KYAM8PkrK3RGQybAS3S4atTdYd0qk42ZPF7/XqrbI7G4iq\n0Oe+ZePj6lN1O7pHV0WYUD2yzLTCZZopmz5847BLBEbGLqPyxlShZ+MFGsWxCOHk\ntW8lw/nqVt/MNlOXI1tD6P6iFZ6JQYrRU5mGFlvsl3t9NQW60MxmcUNPgtVknXW5\nBssBM/r6uLi0yFTTnDRZnv2MCs7fIzzqKXOHozrCvItswG6S8Qs72MaW2EQHAEen\nm7/fMKWTjt9CQudNCm/FwHLb8O9cYnOZwRiAINomo2B/Fi1b7WlquETSmjgQaQNr\nRxqtgiNQ98q92gnFgC8pCzxmiKRmHLFJEuxXYVq0O8Ch5i/eC8ExoO7Hqe6kYnJe\nZaST6fAtb2bMDcPdborfSIUmuDcYdKFtcEfCuuFZIbBxnL2aJDMw0zen/rmDNQyV\nlwwXoKanoP5EjKKFMc/zkeHlOInMzeHa/0DIlA9h3kpro5eGN0uOPZvsrlryjC+J\niJzkORGWplM\\xfb/D\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. 7.7) - ppc64, ppc64le, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* RHEL7.7 - s390/dasd: Fix zero write for FBA devices (BZ#1931440)\n\n* Kernel experiences panic in update_group_power() due to division error\neven with Bug 1701115 fix (BZ#1961623)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1901168 - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c\n1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers\n\n6. 6 ELS) - i386, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-8.2.z9 Batch source\ntree (BZ#1949685)\n\n4. \n\nBug Fix(es):\n\n* RHEL8.3 - Include patch: powerpc/pci: Remove LSI mappings on device\nteardown (xive/pci) (BZ#1931925)\n\n* RHEL8.2 - [P10][Denali] System crash during a perf sanity test (perf:)\n(BZ#1933995)\n\n* [RHEL 8.1] AMD/EPYC nested guest virtualization L1 guest crash\n(BZ#1945404)\n\n* [HPEMC 8.1 REGRESSION] skx_uncore: probe of 0008:80:08.0 failed with\nerror -22 (BZ#1947114)\n\n* iperf3 over geneve created on vlan would fail (BZ#1947979)\n\n* [Azure][RHEL-8]Mellanox Patches To Prevent Kernel Hang In MLX4\n(BZ#1952071)\n\n* [HPEMC 8.4 REGRESSION]: perf/x86/intel/uncore kernel panic vulnerability\non Haswell and Broadwell servers (BZ#1956685)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "VULHUB",
"id": "VHN-165033"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162654"
},
{
"db": "PACKETSTORM",
"id": "162626"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163248"
},
{
"db": "PACKETSTORM",
"id": "163578"
},
{
"db": "PACKETSTORM",
"id": "163018"
},
{
"db": "PACKETSTORM",
"id": "162907"
},
{
"db": "PACKETSTORM",
"id": "162916"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12362",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU93808918",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162654",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162907",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163248",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162626",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163018",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162916",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163020",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162768",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165033",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163578",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165033"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162654"
},
{
"db": "PACKETSTORM",
"id": "162626"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163248"
},
{
"db": "PACKETSTORM",
"id": "163578"
},
{
"db": "PACKETSTORM",
"id": "163018"
},
{
"db": "PACKETSTORM",
"id": "162907"
},
{
"db": "PACKETSTORM",
"id": "162916"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"id": "VAR-202102-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165033"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T20:43:38.588000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00438",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 1.1,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.9,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93808918/index.html"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12114"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24394"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35508"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14314"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25212"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25643"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19523"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0342"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35508"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28974"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14356"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15437"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25284"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28974"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27786"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27835"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25643"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15437"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0431"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0342"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27786"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28211"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1578"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-006"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2185"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165033"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162654"
},
{
"db": "PACKETSTORM",
"id": "162626"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163248"
},
{
"db": "PACKETSTORM",
"id": "163578"
},
{
"db": "PACKETSTORM",
"id": "163018"
},
{
"db": "PACKETSTORM",
"id": "162907"
},
{
"db": "PACKETSTORM",
"id": "162916"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-165033"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162654"
},
{
"db": "PACKETSTORM",
"id": "162626"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163248"
},
{
"db": "PACKETSTORM",
"id": "163578"
},
{
"db": "PACKETSTORM",
"id": "163018"
},
{
"db": "PACKETSTORM",
"id": "162907"
},
{
"db": "PACKETSTORM",
"id": "162916"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-165033"
},
{
"date": "2021-08-11T16:15:17",
"db": "PACKETSTORM",
"id": "163789"
},
{
"date": "2021-05-19T14:06:16",
"db": "PACKETSTORM",
"id": "162654"
},
{
"date": "2021-05-19T13:56:20",
"db": "PACKETSTORM",
"id": "162626"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-06-22T19:41:34",
"db": "PACKETSTORM",
"id": "163248"
},
{
"date": "2021-07-21T16:02:03",
"db": "PACKETSTORM",
"id": "163578"
},
{
"date": "2021-06-09T13:15:12",
"db": "PACKETSTORM",
"id": "163018"
},
{
"date": "2021-06-02T13:33:47",
"db": "PACKETSTORM",
"id": "162907"
},
{
"date": "2021-06-02T13:48:59",
"db": "PACKETSTORM",
"id": "162916"
},
{
"date": "2021-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"date": "2021-02-17T14:15:15.123000",
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-165033"
},
{
"date": "2021-11-09T09:08:00",
"db": "JVNDB",
"id": "JVNDB-2020-016137"
},
{
"date": "2024-11-21T04:59:34.980000",
"db": "NVD",
"id": "CVE-2020-12362"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows\u00a0 and \u00a0Linux\u00a0 for \u00a0Intel(R)\u00a0Graphics\u00a0Drivers\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016137"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "162654"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163248"
},
{
"db": "PACKETSTORM",
"id": "163578"
},
{
"db": "PACKETSTORM",
"id": "163018"
},
{
"db": "PACKETSTORM",
"id": "162907"
},
{
"db": "PACKETSTORM",
"id": "162916"
}
],
"trust": 0.7
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.