Описание
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-25220
- https://bugzilla.redhat.com/show_bug.cgi?id=1868453
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.194
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.233
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=82fd2138a5ffd7e0d4320cdb669e115ee976a26e
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://security.netapp.com/advisory/ntap-20201001-0004
- https://www.spinics.net/lists/stable/msg405099.html
Связанные уязвимости
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...
Уязвимость функции cgroups ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код