CVE-2020-28941

Опубликовано: 19 нояб. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.

Ссылки

http://www.openwall.com/lists/oss-security/2020/11/19/5
Mailing List
Patch
Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
https://www.openwall.com/lists/oss-security/2020/11/19/3
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/19/5
Mailing List
Patch
Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
https://www.openwall.com/lists/oss-security/2020/11/19/3
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.9.9 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00062

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-763

Связанные уязвимости

CVE-2020-28941

CVSS3: 5.5

ubuntu

около 5 лет назад

CVE-2020-28941

redhat

около 5 лет назад

CVE-2020-28941

CVSS3: 5.5

msrc

около 5 лет назад

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.

CVE-2020-28941

CVSS3: 5.5

debian

около 5 лет назад

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c i ...

GHSA-5pqg-qmmw-g6j5

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 19%

0.00062

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-763