Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-8647

Опубликовано: 30 янв. 2020
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures.

Отчет

This flaw is rated as having Moderate impact because the information leak is limited.

Меры по смягчению последствий

The attack vector can be significantly reduced by preventing users from being able to log into the local virtual console. See the instructions on disabling local login here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files , See the section on "pam_console" to deny users logging into the console. This mechanism should work from el6 forward to current versions of Red Hat Enterprise Linux.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise MRG 2kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:406229.09.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:406029.09.2020
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2020:460904.11.2020
Red Hat Enterprise Linux 8kernelFixedRHSA-2020:443104.11.2020
Red Hat Enterprise Linux 8.2 Extended Update Supportkernel-rtFixedRHSA-2022:120905.04.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportkernelFixedRHSA-2022:121305.04.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1802563kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

EPSS

Процентиль: 14%
0.00046
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-8647

CVSS3: 6.1
ubuntu
больше 5 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

nvd логотип

CVE-2020-8647

CVSS3: 6.1
nvd
больше 5 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

msrc логотип

CVE-2020-8647

CVSS3: 6.1
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-8647

CVSS3: 6.1
debian
больше 5 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5. ...

github логотип

GHSA-jmx4-6cgp-jv4x

github
около 3 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

EPSS

Процентиль: 14%
0.00046
Низкий

6.1 Medium

CVSS3