CVE-2020-8649 — Use After Free in Linux
Severity
5.9MEDIUMNVD
OSV6.1OSV4.4
EPSS
0.1%
top 75.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 6
Latest updateSep 1
Description
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 0.7 | Impact: 5.2
Affected Packages8 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
5GHSA▶
GHSA-3fg2-94qq-385g: There is a use-after-free vulnerability in the Linux kernel through 5↗2022-05-24
📋Vendor Advisories
5Microsoft▶
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.↗2020-02-11
Red Hat▶
kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c↗2020-01-30
Debian▶
CVE-2020-8649: linux - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the...↗2020
💬Community
4Bugzilla▶
CVE-2019-8649 webkitgtk: Incorrect state management leading to universal cross-site scripting↗2020-09-07
Bugzilla▶
CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c↗2020-02-13
Bugzilla▶
CVE-2020-8649 kernel: use-after-free in vgacon_invert_region function in drivers/video/console/vgacon.c [fedora-all]↗2020-02-13