USN-4318-1

Advisory lineage Upstream: 6 Downstream: 0

Upstream

CVE-2020-8428 CVE-2020-8834 CVE-2020-8992 UBUNTU-CVE-2020-8428 UBUNTU-CVE-2020-8834 UBUNTU-CVE-2020-8992

Published: 06 Apr 2020, 20:29

Last modified:03 Jun 2026, 14:04

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Apr 2020, 20:29

Published

Vulnerability first disclosed

03 Jun 2026, 14:04

Last Modified

Vulnerability information updated

Description

linux, linux-hwe vulnerabilities Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Gustavo Romero and Paul Mackerras discovered that the KVM implementation in the Linux kernel for PowerPC processors did not properly keep guest state separate from host state. A local attacker in a KVM guest could use this to cause a denial of service (host system crash). (CVE-2020-8834) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992)

Affected Systems

ubuntu•linux
< 4.15.0-96.97
ubuntu•linux-hwe
< 4.15.0-96.97~16.04.1

USN-4318-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)