exploitDog

CVE-2020-27067

Published: 01 Mar 2021
Source: redhat
CVSS3: 6.4

Description

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-152409173

A use-after-free flaw was found in the Linux kernel l2tp subsystem in the way a user initializes and uses a VPN connection over l2tp. A local user could use this flaw to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.

Mitigation

To mitigate this issue, prevent the module l2tp_core from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1933737 - kernel: use after free due to a race condition may lead to local escalation of privilege

CVSS3: 6.4 Medium

Related vulnerabilities

CVSS3: 6.4
ubuntu
about 5 years ago

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-152409173

CVSS3: 6.4
nvd
about 5 years ago

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-152409173

CVSS3: 6.4
debian
about 5 years ago

In the l2tp subsystem, there is a possible use after free due to a rac ...

github
more than 3 years ago

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-152409173
