CVE-2020-25220

Опубликовано: 22 июл. 2020

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.

A flaw was found in the Linux kernel. The cgroups feature is affected by a use-after-free memory flaw that was not considered during the backport for CVE-2020-14356. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1877920kernel: use-after-free because skcd->no_refcnt was not considered during the backport of CVE-2020-14356

EPSS

Процентиль: 31%

0.00115

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2020-25220

CVSS3: 7.8

ubuntu

больше 5 лет назад

CVE-2020-25220

CVSS3: 7.8

nvd

больше 5 лет назад

CVE-2020-25220

CVSS3: 7.8

debian

больше 5 лет назад

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...

GHSA-m4f8-m4jg-vm84

github

больше 3 лет назад

BDU:2020-04348

CVSS3: 7.8

fstec

больше 5 лет назад

Уязвимость функции cgroups ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 31%

0.00115

Низкий

7 High

CVSS3