Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2021-01920

Опубликовано: 07 мая 2020
Источник: fstec
CVSS3: 7.8
CVSS2: 6.8
EPSS Низкий

Описание

Уязвимость реализации протокола MIDI ядра операционной системы Linux связана с использованием памяти после ее освобождения. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Вендор

Red Hat Inc.
Сообщество свободного программного обеспечения
Novell Inc.
ООО «Открытая мобильная платформа»

Наименование ПО

Red Hat Enterprise Linux
Debian GNU/Linux
SUSE Linux Enterprise Server for SAP Applications
SUSE OpenStack Cloud
SUSE Linux Enterprise Module for Basesystem
SUSE Enterprise Storage
SUSE Linux Enterprise Module for Development Tools
SUSE Linux Enterprise Point of Sale
Suse Linux Enterprise Server
SUSE Linux Enterprise High Availability
SUSE Linux Enterprise Live Patching
SUSE Linux Enterprise Module for Legacy Software
SUSE Linux Enterprise Module for Live Patching
SUSE Linux Enterprise Workstation Extension
SUSE Linux Enterprise Module for Open Buildservice Development Tools
OpenSUSE Leap
SUSE Linux Enterprise Software Development Kit
SUSE Linux Enterprise Module for Public Cloud
HPE Helion Openstack
SUSE Linux Enterprise Module for Realtime packages
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise Real Time Extension
ОС Аврора
Linux

Версия ПО

7 (Red Hat Enterprise Linux)
9 (Debian GNU/Linux)
12 SP2 (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
7 (SUSE OpenStack Cloud)
8 (Red Hat Enterprise Linux)
15 SP1 (SUSE Linux Enterprise Module for Basesystem)
5 (SUSE Enterprise Storage)
15 SP1 (SUSE Linux Enterprise Module for Development Tools)
12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale)
12 SP2-BCL (Suse Linux Enterprise Server)
12 SP2-ESPOS (Suse Linux Enterprise Server)
12 SP2 (SUSE Linux Enterprise High Availability)
12 SP3 (SUSE Linux Enterprise High Availability)
12 SP4 (SUSE Linux Enterprise High Availability)
15 (SUSE Linux Enterprise High Availability)
15 SP1 (SUSE Linux Enterprise High Availability)
12 SP4 (SUSE Linux Enterprise Live Patching)
15 SP1 (SUSE Linux Enterprise Module for Legacy Software)
15 (SUSE Linux Enterprise Module for Live Patching)
15 SP1 (SUSE Linux Enterprise Workstation Extension)
15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
15.1 (OpenSUSE Leap)
15 (SUSE Linux Enterprise Server for SAP Applications)
11 SP4-LTSS (Suse Linux Enterprise Server)
12 SP2-LTSS (Suse Linux Enterprise Server)
11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)
15 SP1 (SUSE Linux Enterprise Module for Live Patching)
12 SP3-LTSS (Suse Linux Enterprise Server)
8 (SUSE OpenStack Cloud)
12 SP3-BCL (Suse Linux Enterprise Server)
12 SP5 (Suse Linux Enterprise Server)
12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Software Development Kit)
15 SP1 (SUSE Linux Enterprise Module for Public Cloud)
Crowbar 8 (SUSE OpenStack Cloud)
10 (Debian GNU/Linux)
8 (HPE Helion Openstack)
12 SP3-ESPOS (Suse Linux Enterprise Server)
12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
9 (SUSE OpenStack Cloud)
12 SP5 (SUSE Linux Enterprise High Availability)
15 SP1 (SUSE Linux Enterprise Module for Realtime packages)
12 SP5 (SUSE Linux Enterprise Workstation Extension)
12 SP5 (SUSE Linux Enterprise Live Patching)
15-ESPOS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (Suse Linux Enterprise Server)
Crowbar 9 (SUSE OpenStack Cloud)
15 SP2 (SUSE Linux Enterprise Module for Basesystem)
12 SP5 (SUSE Linux Enterprise Real Time Extension)
15 SP2 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
15 SP2 (SUSE Linux Enterprise Workstation Extension)
15.2 (OpenSUSE Leap)
15 SP2 (SUSE Linux Enterprise Module for Development Tools)
12 SP4-ESPOS (Suse Linux Enterprise Server)
12 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP4-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (SUSE Linux Enterprise High Availability)
15 SP2 (SUSE Linux Enterprise Module for Legacy Software)
15 SP2 (SUSE Linux Enterprise Module for Live Patching)
15 SP2 (SUSE Linux Enterprise Module for Public Cloud)
15 SP2 (SUSE Linux Enterprise Module for Realtime packages)
12 SP4-LTSS (Suse Linux Enterprise Server)
до 4.0.2.249 включительно (ОС Аврора)
до 4.0.2.249 включительно (ОС Аврора)
до 4.0.2.249 включительно (ОС Аврора)
от 4.0 до 4.4.223 включительно (Linux)
от 4.5 до 4.9.223 включительно (Linux)
от 4.10 до 4.14.180 включительно (Linux)
от 4.15 до 4.19.123 включительно (Linux)
от 4.20 до 5.4.41 включительно (Linux)
от 5.5 до 5.6.13 включительно (Linux)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 7
Сообщество свободного программного обеспечения Debian GNU/Linux 9
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS
Novell Inc. OpenSUSE Leap 15.1
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-ESPOS
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Novell Inc. OpenSUSE Leap 15.2
Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-ESPOS
Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS
Сообщество свободного программного обеспечения Linux 5.7 rc6
ООО «Открытая мобильная платформа» ОС Аврора до 4.0.2.249 включительно
ООО «Открытая мобильная платформа» ОС Аврора до 4.0.2.249 включительно
ООО «Открытая мобильная платформа» ОС Аврора до 4.0.2.249 включительно

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для Linux:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.181
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.124
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.224
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.224
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.42
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.14
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-27786
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2020-27786/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2020-27786
Для ОС Аврора:
https://cve.omp.ru/bb23402

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 91%
0.07122
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2020-27786

CVSS3: 7.8
ubuntu
больше 4 лет назад

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

redhat логотип

CVE-2020-27786

CVSS3: 7.8
redhat
больше 4 лет назад

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

nvd логотип

CVE-2020-27786

CVSS3: 7.8
nvd
больше 4 лет назад

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

debian логотип

CVE-2020-27786

CVSS3: 7.8
debian
больше 4 лет назад

A flaw was found in the Linux kernel\u2019s implementation of MIDI, wh ...

github логотип

GHSA-3mfq-6299-p3w3

CVSS3: 7.8
github
около 3 лет назад

A flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.

EPSS

Процентиль: 91%
0.07122
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2