← Back

CVE-2020-27825

nvd nist
Published: Dec 11, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.7
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
Exploitability: 0.5 / Impact: 5.2
Source: NVD

Description

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

Affected (9)

Show all products
Linux: Linux Kernel · Redhat: Enterprise Linux, Enterprise Mrg · Debian: Debian Linux · Netapp: Cloud Backup, Solidfire Baseboard Management Controller Firmware, H410c Firmware
Linux
1 product
Linux Kernel
Redhat
2 products
Enterprise Linux
Enterprise Mrg
Debian
1 product
Debian Linux
Netapp
3 products
Cloud Backup
Solidfire Baseboard Management Controller Firmware
H410c Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
Version 5.10 rc1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Enterprise Mrg
Version 2.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 9.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Backup
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Solidfire Baseboard Management Controller Firmware
All versions
Running on/withPlatform Versions
Netapp
Solidfire Baseboard Management Controller
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410c Firmware
All versions
Running on/withPlatform Versions
Netapp
H410c
All versions

Related CWEs

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (10)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.