Vulnerability CVE-2020-27820


Published: 2021-11-03

Description:
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

Type:

CWE-416

(Use After Free)

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Linux -> Linux kernel 
Fedoraproject -> Fedora 

 References:
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/
https://bugzilla.redhat.com/show_bug.cgi?id=1901726
https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/

Copyright 2021, cxsecurity.com

 

Back to Top