CVE-2020-8647: Use After Free in Linux

Severity: 6.1 MEDIUM (NVD), OSV 4.4
EPSS: 0.1% (top 77.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 6, latest update Sep 1

Description

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 1.8 | Impact: 4.2

Affected Packages (9 packages)

Debian linux/linux_kernel < 5.5.13-1 +3
Ubuntu linux/linux_kernel < 4.4.0-178.208 +3
debian debian/linux < linux 5.5.13-1 (bookworm)

Also affects: Debian Linux 8.0, 9.0

Patches

Vulnerability Details (5)

GHSA
GHSA-jmx4-6cgp-jv4x: There is a use-after-free vulnerability in the Linux kernel through 5 (2022-05-24)
OSV
Kernel Live Patch Security Notice (2020-06-09)
OSV
Kernel Live Patch Security Notice (2020-05-01)
Kernel
vgacon: Fix a UAF in vgacon_invert_region (2020-03-04)
OSV
CVE-2020-8647: There is a use-after-free vulnerability in the Linux kernel through 5 (2020-02-06)

Vendor Advisories (6)

Ubuntu
Kernel Live Patch Security Notice (2020-06-09)
Android
CVE-2020-8647: Kernel TTY support (2020-06-01)
Ubuntu
Kernel Live Patch Security Notice (2020-05-01)
Microsoft
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (2020-02-11)
Red Hat
kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (2020-01-30)

Community (3)

Bugzilla
CVE-2020-27418 kernel: User after free via vgacon_invert_region() function (2023-09-01)
Bugzilla
CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (2020-02-13)
Bugzilla
CVE-2020-8647 kernel: use-after-free in vc_do_resize function in drivers/tty/vt/vt.c [fedora-all] (2020-02-13)