CVE-2020-27820

Published: Nov 3, 2021Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

Affected (13)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Oracle: Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function, Communications Cloud Native Core Policy

1 product

1 product

3 products

Communications Cloud Native Core Binding Support Function

Communications Cloud Native Core Network Exposure Function

Communications Cloud Native Core Policy

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	After 2.6.12 to 5.4.162
Linux Linux Kernel	After 5.11 to 5.15.5
Linux Linux Kernel	After 5.5 to 5.10.82
Linux Linux Kernel	Version 2.6.12
Linux Linux Kernel	Version 2.6.12 rc2
Linux Linux Kernel	Version 2.6.12 rc3
Linux Linux Kernel	Version 2.6.12 rc4
Linux Linux Kernel	Version 2.6.12 rc5
Linux Linux Kernel	Version 2.6.12 rc6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Binding Support Function	Version 22.1.3
Oracle Communications Cloud Native Core Network Exposure Function	Version 22.1.1
Oracle Communications Cloud Native Core Policy	Version 22.2.0