CVE-2020-28915: Out-of-bounds Read in Kernel

CWE-125: Out-of-bounds Read | 21 documents | 8 sources
Severity
5.8 MEDIUM (NVD)
OSV 7.8 | OSV 5.5 | OSV 5.4
EPSS
0.1%
top 69.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 18
Latest update: Feb 14

Description

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Exploitability: 0.3 | Impact: 5.5

Affected Packages (6 packages)

NVD: linux/linux_kernel < 5.8.15
Debian: linux/linux_kernel < 5.9.1-1+3
Ubuntu: linux/linux_kernel < 4.4.0-197.229+4
debian: debian/linux < linux 5.9.1-1 (bookworm)

Patches

🔴 Vulnerability Details (8)

GHSA: GHSA-v4w4-xxpq-3p77: A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5 | 2022-05-24
OSV: linux-oem-5.6 vulnerabilities | 2021-02-25
OSV: linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 regression | 2020-12-13
OSV: linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon regression | 2020-12-13
OSV: linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities | 2020-12-03

📋 Vendor Advisories (12)

Palo Alto: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS | 2024-02-14
Ubuntu: Linux kernel (OEM) vulnerabilities | 2021-02-25
Ubuntu: Linux kernel regression | 2020-12-13
Ubuntu: Linux kernel regression | 2020-12-13
Ubuntu: Linux kernel regression | 2020-12-13