CVE-2020-11668 (High) detected in linuxv3.10 #195

mend-bolt-for-github · 2020-11-04T13:37:17Z

CVE-2020-11668 - High Severity Vulnerability

Vulnerable Library - linuxv3.10

Linux kernel source tree

Library home page: https://github.com/torvalds/linux.git

Found in HEAD commit: ac11c9631a8abeed315b67913aab3ba7a400aef3

Found in base branch: cosmic-experimental-1.6

Vulnerable Source Files (2)

android_kernel_samsung_a3xelte/drivers/media/usb/gspca/xirlink_cit.c
android_kernel_samsung_a3xelte/drivers/media/usb/gspca/xirlink_cit.c

Vulnerability Details

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

Publish Date: 2020-04-09

URL: CVE-2020-11668

CVSS 3 Score Details (7.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: torvalds/linux@a246b4d

Release Date: 2020-03-12

Fix Resolution: Replace or update the following file: xirlink_cit.c

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Nov 4, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-11668 (High) detected in linuxv3.10 #195

CVE-2020-11668 (High) detected in linuxv3.10 #195

mend-bolt-for-github bot commented Nov 4, 2020

CVE-2020-11668 (High) detected in linuxv3.10 #195

CVE-2020-11668 (High) detected in linuxv3.10 #195

Comments

mend-bolt-for-github bot commented Nov 4, 2020

CVE-2020-11668 - High Severity Vulnerability