Vulnerability CVE-2020-27825


Published: 2020-12-11

Description:
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

Type:

CWE-362

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
7.8/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Complete
Affected software
Redhat -> Enterprise mrg 
Redhat -> Enterprise linux 
Linux -> Linux kernel 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1905155

Copyright 2021, cxsecurity.com

 

Back to Top