CVE-2020-25669
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-25669
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25669.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-25669
- Related
- Published
- 2021-05-26T12:15:15Z
- Modified
- 2024-09-11T02:00:06Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in the Linux Kernel where the function sunkbdreinit having been scheduled by sunkbdinterrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbddisconnect, there is still an alias in sunkbdreinit causing Use After Free.
- References
-
- https://security.netapp.com/advisory/ntap-20210702-0006/
- http://www.openwall.com/lists/oss-security/2020/11/05/2
- http://www.openwall.com/lists/oss-security/2020/11/20/5
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
- https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
- https://www.openwall.com/lists/oss-security/2020/11/05/2%2C
- https://www.openwall.com/lists/oss-security/2020/11/20/5%2C
- https://security-tracker.debian.org/tracker/CVE-2020-25669
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source