CVE-2020-25656

Опубликовано: 16 окт. 2020

Источник: redhat

CVSS3: 4.1

EPSS Низкий

Описание

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

Отчет

This issue is rated as having Moderate impact because of the attack scenario limitation where only local user with access to VT console if at least CAP_SYS_TTY_CONFIG enabled can trigger this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Will not fix
Red Hat Enterprise MRG 2	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2021:0857	16.03.2021
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2021:0856	16.03.2021
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2024:2950	22.05.2024
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2024:3138	22.05.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1888726kernel: use-after-free in read in vt_do_kdgkb_ioctl

EPSS

Процентиль: 1%

0.00011

Низкий

4.1 Medium

CVSS3

Связанные уязвимости

CVE-2020-25656

CVSS3: 4.1

ubuntu

больше 4 лет назад

CVE-2020-25656

CVSS3: 4.1

nvd

больше 4 лет назад

CVE-2020-25656

CVSS3: 4.1

msrc

больше 4 лет назад

Описание отсутствует

CVE-2020-25656

CVSS3: 4.1

debian

больше 4 лет назад

A flaw was found in the Linux kernel. A use-after-free was found in th ...

GHSA-4pfp-w4vm-364q

CVSS3: 4.1

github

около 3 лет назад

EPSS

Процентиль: 1%

0.00011

Низкий

4.1 Medium

CVSS3