VDB
GCVE-110-MAGEIA-2020-201
GCVE-110-MAGEIA-2020-201
Advisory Published
This update is based on the upstream 5.6.8 kernel and fixes at least
the following security issues:
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before
5.6.8 has a use-after-free because a transfer occurs without a
reference(CVE-2020-12464).
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg
in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the
CAP_NET_ADMIN capability) because of a lack of headroom validation
(CVE-2020-12659).
Other fixes in this update:
- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
- Fix use after free in get_tree_bdev()
- propagate_one(): mnt_set_mountpoint() needs mount_lock
- iwlwifi: pcie: handle QuZ configs with killer NICs as well
- Fix building out of tree modules on aarch64 (pterjan)
For other fixes and changes in this update, see the refenced changelogs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kmod-xtables-addons | 3.9-2.mga7 (unaffected), 0 (affected), 3.9-2.mga7 (unaffected), 0 (affected) | — |
| Mageia | isodumper | 0 (affected), 1.21-1.mga7 (unaffected) | — |
| Mageia | kernel | 0 (affected), 5.6.8-1.mga7 (unaffected), 0 (affected), 5.6.8-1.mga7 (unaffected) | — |
| Mageia | kmod-virtualbox | 0 (affected), 6.0.20-4.mga7 (unaffected), 0 (affected), 6.0.20-4.mga7 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.