CVE-2020-25656

CWE-416 — Use After Free17 documents10 sources

Severity

4.1MEDIUM

EPSS

0.0%

top 95.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Debian Linux Redhat Enterprise Linux +1 more

Timeline

PublishedDec 2

Latest updateMay 24

Description

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages20 packages

▶Android:linux_kernel::0 — :2021-05-05

▶NVDlinux/linux_kernel< 5.10+1

▶Debianlinux< 5.9.6-1+3

▶Ubuntulinux< 5.4.0-59.65

▶Ubuntulinux-aws< 5.4.0-1034.35

Also affects: Debian Linux 9.0, Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: lkml.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4pfp-w4vm-364q: A flaw was found in the Linux kernel↗2022-05-24

▶

OSV

CVE-2020-25656: In vt_do_kdgkb_ioctl of keyboard↗2021-05-01

▶

OSV

linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-02-25

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabi↗2021-01-06

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities↗2021-01-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2021-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2021-01-06

▶

Ubuntu

Linux kernel vulnerabilities↗2021-01-06

▶

Ubuntu

Linux kernel vulnerabilities↗2021-01-06

▶

Microsoft

▶

💬Community

Bugzilla

CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl↗2020-10-15

▶