Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-27066

Опубликовано: 15 дек. 2020
Источник: redhat
CVSS3: 6.7
EPSS Низкий

Описание

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318

A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Отчет

This flaw is rated as having Low impact because of the need to have elevated privileges and both configuration with the usage of IPV6.

Меры по смягчению последствий

To mitigate this issue, prevent the module xfrm6_tunnel from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1928716kernel: use after free in xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c leads to local escalation of privilege

EPSS

Процентиль: 8%
0.00028
Низкий

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-27066

CVSS3: 6.7
ubuntu
около 5 лет назад

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318

nvd логотип

CVE-2020-27066

CVSS3: 6.7
nvd
около 5 лет назад

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318

debian логотип

CVE-2020-27066

CVSS3: 6.7
debian
около 5 лет назад

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possib ...

github логотип

GHSA-wjx5-v4h6-vg36

github
больше 3 лет назад

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318

EPSS

Процентиль: 8%
0.00028
Низкий

6.7 Medium

CVSS3