Docker image critical and high vulnerabilities found after scan in ECR, R kernel dies in SageMaker Studio #5
Description
Vulnerability results after scan in ECR:
| CVE-2019-19816 | linux:4.19.152-1 | CRITICAL | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. |
|---|---|---|---|
| CVE-2019-19814 | linux:4.19.152-1 | CRITICAL | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. |
| CVE-2020-27153 | bluez:5.50-1.2~deb10u1 | HIGH | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. |
| CVE-2020-0423 | linux:4.19.152-1 | HIGH | In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A |