Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-0427

Опубликовано: 22 нояб. 2020
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2021:085716.03.2021
Red Hat Enterprise Linux 7kernelFixedRHSA-2021:085616.03.2021
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2021:414009.11.2021
Red Hat Enterprise Linux 8kernelFixedRHSA-2021:435609.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1919893kernel: out-of-bounds reads in pinctrl subsystem.

EPSS

Процентиль: 39%
0.00166
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-0427

CVSS3: 5.5
ubuntu
почти 5 лет назад

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

nvd логотип

CVE-2020-0427

CVSS3: 5.5
nvd
почти 5 лет назад

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

debian логотип

CVE-2020-0427

CVSS3: 5.5
debian
почти 5 лет назад

In create_pinctrl of core.c, there is a possible out of bounds read du ...

github логотип

GHSA-cmm7-9576-wh39

CVSS3: 5.5
github
около 3 лет назад

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

fstec логотип

BDU:2020-05785

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость функции create_pinctrl контроллера контактов ввода-вывода операционной системы Android, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 39%
0.00166
Низкий

5.5 Medium

CVSS3