Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-27835

Опубликовано: 25 нояб. 2020
Источник: redhat
CVSS3: 6.4
EPSS Низкий

Описание

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

A flaw use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

Отчет

This flaw is rated as having a Moderate impact because the issue can only be triggered by an authorized local user with access to a system with specific hardware present.

Меры по смягчению последствий

To mitigate this issue, prevent the module hfi1 from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to denylist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2021:173918.05.2021
Red Hat Enterprise Linux 8kernelFixedRHSA-2021:157818.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1901709kernel: child process is able to access parent mm through hfi dev file handle

EPSS

Процентиль: 26%
0.00087
Низкий

6.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-27835

CVSS3: 4.4
ubuntu
больше 4 лет назад

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

nvd логотип

CVE-2020-27835

CVSS3: 4.4
nvd
больше 4 лет назад

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

debian логотип

CVE-2020-27835

CVSS3: 4.4
debian
больше 4 лет назад

A use after free in the Linux kernel infiniband hfi1 driver in version ...

github логотип

GHSA-8pf6-658f-7qh2

github
около 3 лет назад

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

fstec логотип

BDU:2021-01044

CVSS3: 4.4
fstec
больше 4 лет назад

Уязвимость драйвера infiniband hfi1 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 26%
0.00087
Низкий

6.4 Medium

CVSS3