CVE-2021-20292 — Use After Free in Kernel
Severity
6.7MEDIUMNVD
OSV7.8
EPSS
0.1%
top 71.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 28
Latest updateMay 24
Description
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Debian Linux 9.0, Enterprise Linux 6.0, 7.0, Fedora 33
Patches
🔴Vulnerability Details
5GHSA
▶
OSV▶
linux, linux-aws, lnux-aws-hwe, linux-azure, inux-azure-4.15, linux-dell300x, linux-gcp, linux-hwe, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-05-11
📋Vendor Advisories
4Debian▶
CVE-2021-20292: linux - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/g...↗2021