CVE-2020-25669 — Use After Free in Kernel
Severity
7.8HIGHNVD
OSV5.5OSV4.1
EPSS
0.1%
top 66.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 26
Latest updateMay 24
Description
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Debian Linux 9.0
Patches
🔴Vulnerability Details
8GHSA▶
GHSA-pc2x-7x93-j3gg: A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed↗2022-05-24
OSV▶
CVE-2020-25669: A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed↗2021-05-26
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-02-25
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabil↗2021-02-25
📋Vendor Advisories
8💬Community
1Bugzilla▶
CVE-2020-25669 kernel: use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c↗2020-10-28