Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-8649

Опубликовано: 30 янв. 2020
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console.

Отчет

This flaw is rated as a having Moderate impact, it is an infoleak that is written to the screen.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise MRG 2kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:406229.09.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:406029.09.2020
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2020:460904.11.2020
Red Hat Enterprise Linux 8kernelFixedRHSA-2020:443104.11.2020
Red Hat Enterprise Linux 8.2 Extended Update Supportkernel-rtFixedRHSA-2022:120905.04.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportkernelFixedRHSA-2022:121305.04.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1802555kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c

EPSS

Процентиль: 27%
0.00094
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-8649

CVSS3: 5.9
ubuntu
больше 5 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

nvd логотип

CVE-2020-8649

CVSS3: 5.9
nvd
больше 5 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

msrc логотип

CVE-2020-8649

CVSS3: 5.9
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-8649

CVSS3: 5.9
debian
больше 5 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5. ...

github логотип

GHSA-3fg2-94qq-385g

github
около 3 лет назад

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

EPSS

Процентиль: 27%
0.00094
Низкий

5.9 Medium

CVSS3