exploitDog

CVE-2020-0466

Published: 18 Jan 2021
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel

A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | kernel | Fixed | RHSA-2022:1417 | 19.04.2022 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2022:0622 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2022:0592 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2022:0620 | 22.02.2022 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2022:0529 | 15.02.2022 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2022:1104 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2022:0531 | 15.02.2022 |

Additional information

Status: Important
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1920480 kernel: use after free in eventpoll.c may lead to escalation of privilege

EPSS: 0.00038 (Low), percentile: 10%

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 4 years ago

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel

CVSS3: 7.8
nvd
more than 4 years ago

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel

CVSS3: 7.8
debian
more than 4 years ago

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a poss ...

github
about 3 years ago

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel

oracle-oval
almost 2 years ago

ELSA-2023-12527: kernel security update (IMPORTANT)
