CVE-2020-13143
18.05.2020, 18:15
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 3.16 ≤ 𝑥 ≤ 5.6.13 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| netapp | active_iq_unified_manager | - |
| netapp | cloud_backup | - |
| netapp | element_software | - |
| netapp | hci_management_node | - |
| netapp | solidfire | - |
| netapp | steelstore_cloud_integrated_storage | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | bootstrap_os | - |
| netapp | a700s_firmware | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h300e_firmware | - |
| netapp | h500e_firmware | - |
| netapp | h700e_firmware | - |
| netapp | h410s_firmware | - |
| netapp | h410c_firmware | - |
| netapp | h610c_firmware | - |
| netapp | h610s_firmware | - |
| netapp | h615c_firmware | - |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| linux |
| linux-aws |
| linux-aws-5.0 |
| linux-aws-5.3 |
| linux-aws-5.4 |
| linux-aws-hwe |
| linux-azure |
| linux-azure-4.15 |
| linux-azure-5.3 |
| linux-azure-5.4 |
| linux-azure-edge |
| linux-gcp |
| linux-gcp-4.15 |
| linux-gcp-5.3 |
| linux-gcp-5.4 |
| linux-gcp-edge |
| linux-gke-4.15 |
| linux-gke-5.0 |
| linux-gke-5.3 |
| linux-hwe |
| linux-hwe-5.4 |
| linux-hwe-edge |
| linux-kvm |
| linux-lts-trusty |
| linux-lts-xenial |
| linux-oem |
| linux-oem-5.6 |
| linux-oem-osp1 |
| linux-oracle |
| linux-oracle-5.0 |
| linux-oracle-5.3 |
| linux-oracle-5.4 |
| linux-raspi |
| linux-raspi-5.4 |
| linux-raspi2 |
| linux-raspi2-5.3 |
| linux-riscv |
| linux-snapdragon |