CVE-2020-8648Use After Free in Kernel

CWE-416Use After Free19 documents11 sources
Severity
7.1HIGHNVD
OSV6.1OSV4.4
EPSS
0.0%
top 89.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedFeb 6
Latest updateMay 24

Description

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

Debianlinux/linux_kernel< 5.5.13-1+3
Ubuntulinux/linux_kernel< 4.4.0-178.208+3
NVDopensuse/leap15.1

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04

🔴Vulnerability Details

6
GHSA
GHSA-9hr4-45xh-6xvh: There is a use-after-free vulnerability in the Linux kernel through 52022-05-24
OSV
Kernel Live Patch Security Notice2020-06-09
OSV
Kernel Live Patch Security Notice2020-05-01
Kernel
vt: selection, close sel_buffer race2020-02-10
OSV
CVE-2020-8648: There is a use-after-free vulnerability in the Linux kernel through 52020-02-06

📋Vendor Advisories

10
Ubuntu
Kernel Live Patch Security Notice2020-06-09
Android
CVE-2020-8648: Kernel TTY support2020-06-01
Ubuntu
Kernel Live Patch Security Notice2020-05-01
Ubuntu
Linux kernel vulnerabilities2020-04-30
Ubuntu
Linux kernel vulnerabilities2020-04-29

💬Community

2
Bugzilla
CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c [fedora-all]2020-02-13
Bugzilla
CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c2020-02-13
CVE-2020-8648 — Use After Free in Linux Kernel | cvebase