Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-0423

Опубликовано: 14 окт. 2020
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

A use-after-free flaw was found in the binder_release_work of binder.c due to improper locking. This flaw can lead to the local escalation of privileges in the kernel where no additional execution privileges are needed. User interaction is not needed for exploitation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-667
https://bugzilla.redhat.com/show_bug.cgi?id=1935170kernel: use-after-free in binder_release_work of binder.c due to improper locking may lead to local escalation of privilege

EPSS

Процентиль: 76%
0.00949
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-0423

CVSS3: 7.8
ubuntu
больше 5 лет назад

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

nvd логотип

CVE-2020-0423

CVSS3: 7.8
nvd
больше 5 лет назад

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

debian логотип

CVE-2020-0423

CVSS3: 7.8
debian
больше 5 лет назад

In binder_release_work of binder.c, there is a possible use-after-free ...

github логотип

GHSA-9xmp-2mmm-6x5g

CVSS3: 7.8
github
больше 3 лет назад

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

fstec логотип

BDU:2025-00842

CVSS3: 7.8
fstec
больше 5 лет назад

Уязвимость функции binder_release_work компонента binder.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 76%
0.00949
Низкий

7.8 High

CVSS3