CVE-2020-25669

A vulnerability was found in the Linux Kernel where the function sunkbdreinit having been scheduled by sunkbdinterrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbddisconnect, there is still an alias in sunkbdreinit causing Use After Free.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "fixed": "4.4.245"
                },
                {
                    "introduced": "4.5"
                },
                {
                    "fixed": "4.9.245"
                },
                {
                    "introduced": "4.10"
                },
                {
                    "fixed": "4.14.208"
                },
                {
                    "introduced": "4.15"
                },
                {
                    "fixed": "4.19.159"
                },
                {
                    "introduced": "4.20"
                },
                {
                    "fixed": "5.4.79"
                },
                {
                    "introduced": "5.5"
                },
                {
                    "fixed": "5.9.10"
                }
            ],
            "cpe": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/torvalds/linux

Affected ranges

Type

GIT

Repo

https://github.com/torvalds/linux

Events

Introduced

Fixed

77e70d351db7de07a46ac49b87a6c3c7a60fca7e

Database specific

{
    "source": "REFERENCES"
}

Affected versions

v2.*

v2.6.12-rc2

v2.6.12-rc3

v2.6.12-rc4

v2.6.13

v2.6.13-rc1

v2.6.13-rc2

v2.6.13-rc3

v2.6.13-rc4

v2.6.13-rc5

v2.6.13-rc6

v2.6.13-rc7

v2.6.14-rc1

v2.6.14-rc2

v2.6.14-rc3

v2.6.15-rc1

v2.6.15-rc2

v2.6.15-rc4

v2.6.15-rc5

v2.6.15-rc7

v2.6.16

v2.6.16-rc1

v2.6.16-rc2

v2.6.16-rc3

v2.6.16-rc4

v2.6.16-rc5

v2.6.16-rc6

v2.6.17

v2.6.17-rc1

v2.6.17-rc2

v2.6.17-rc3

v2.6.17-rc4

v2.6.17-rc5

v2.6.17-rc6

v2.6.18

v2.6.18-rc1

v2.6.18-rc2

v2.6.18-rc3

v2.6.18-rc5

v2.6.18-rc6

v2.6.19-rc1

v2.6.19-rc2

v2.6.20-rc1

v2.6.20-rc2

v2.6.20-rc3

v2.6.20-rc4

v2.6.20-rc5

v2.6.20-rc6

v2.6.20-rc7

v2.6.21

v2.6.21-rc1

v2.6.21-rc2

v2.6.21-rc3

v2.6.21-rc4

v2.6.21-rc5

v2.6.21-rc6

v2.6.21-rc7

v2.6.22

v2.6.22-rc1

v2.6.22-rc2

v2.6.22-rc3

v2.6.22-rc4

v2.6.22-rc5

v2.6.22-rc6

v2.6.22-rc7

v2.6.23

v2.6.23-rc1

v2.6.23-rc2

v2.6.23-rc3

v2.6.23-rc4

v2.6.23-rc5

v2.6.23-rc6

v2.6.23-rc7

v2.6.23-rc8

v2.6.23-rc9

v2.6.24

v2.6.24-rc1

v2.6.24-rc2

v2.6.24-rc3

v2.6.24-rc4

v2.6.24-rc5

v2.6.24-rc6

v2.6.24-rc7

v2.6.24-rc8

v2.6.25

v2.6.25-rc1

v2.6.25-rc2

v2.6.25-rc3

v2.6.25-rc4

v2.6.25-rc5

v2.6.25-rc6

v2.6.25-rc7

v2.6.25-rc8

v2.6.25-rc9

v2.6.26

v2.6.26-rc1

v2.6.26-rc2

v2.6.26-rc3

v2.6.26-rc4

v2.6.26-rc5

v2.6.26-rc6

v2.6.26-rc7

v2.6.26-rc8

v2.6.26-rc9

v2.6.27

v2.6.27-rc1

v2.6.27-rc2

v2.6.27-rc3

v2.6.27-rc4

v2.6.27-rc5

v2.6.27-rc6

v2.6.27-rc7

v2.6.27-rc8

v2.6.27-rc9

v2.6.28

v2.6.28-rc1

v2.6.28-rc2

v2.6.28-rc3

v2.6.28-rc4

v2.6.28-rc5

v2.6.28-rc6

v2.6.28-rc7

v2.6.28-rc8

v2.6.28-rc9

v2.6.29

v2.6.29-rc1

v2.6.29-rc2

v2.6.29-rc3

v2.6.29-rc4

v2.6.29-rc5

v2.6.29-rc6

v2.6.29-rc7

v2.6.29-rc8

v2.6.30

v2.6.30-rc1

v2.6.30-rc2

v2.6.30-rc3

v2.6.30-rc4

v2.6.30-rc5

v2.6.30-rc6

v2.6.30-rc7

v2.6.30-rc8

v2.6.31

v2.6.31-rc1

v2.6.31-rc2

v2.6.31-rc3

v2.6.31-rc4

v2.6.31-rc5

v2.6.31-rc6

v2.6.31-rc7

v2.6.31-rc8

v2.6.31-rc9

v2.6.32

v2.6.32-rc1

v2.6.32-rc2

v2.6.32-rc3

v2.6.32-rc4

v2.6.32-rc5

v2.6.32-rc6

v2.6.32-rc7

v2.6.32-rc8

v2.6.33

v2.6.33-rc1

v2.6.33-rc2

v2.6.33-rc3

v2.6.33-rc4

v2.6.33-rc5

v2.6.33-rc6

v2.6.33-rc7

v2.6.33-rc8

v2.6.34

v2.6.34-rc1

v2.6.34-rc2

v2.6.34-rc3

v2.6.34-rc4

v2.6.34-rc5

v2.6.34-rc6

v2.6.34-rc7

v2.6.35

v2.6.35-rc1

v2.6.35-rc2

v2.6.35-rc3

v2.6.35-rc4

v2.6.35-rc5

v2.6.35-rc6

v2.6.36

v2.6.36-rc1

v2.6.36-rc2

v2.6.36-rc3

v2.6.36-rc4

v2.6.36-rc5

v2.6.36-rc6

v2.6.36-rc7

v2.6.36-rc8

v2.6.37

v2.6.37-rc1

v2.6.37-rc2

v2.6.37-rc3

v2.6.37-rc4

v2.6.37-rc5

v2.6.37-rc6

v2.6.37-rc7

v2.6.37-rc8

v2.6.38

v2.6.38-rc1

v2.6.38-rc2

v2.6.38-rc3

v2.6.38-rc4

v2.6.38-rc5

v2.6.38-rc6

v2.6.38-rc7

v2.6.38-rc8

v2.6.39

v2.6.39-rc1

v2.6.39-rc2

v2.6.39-rc3

v2.6.39-rc4

v2.6.39-rc5

v2.6.39-rc6

v2.6.39-rc7

v3.*

v3.0-rc1

v3.0-rc2

v3.0-rc3

v3.0-rc4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25669.json"

vanir_signatures

[
    {
        "target": {
            "function": "sunkbd_reinit",
            "file": "drivers/input/keyboard/sunkbd.c"
        },
        "signature_version": "v1",
        "source": "https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-25669-2ef9f874",
        "digest": {
            "function_hash": "104334658876116112984850968431497711748",
            "length": 699.0
        }
    },
    {
        "source": "https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e",
        "signature_version": "v1",
        "target": {
            "function": "sunkbd_interrupt",
            "file": "drivers/input/keyboard/sunkbd.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-25669-5d3987c8",
        "digest": {
            "function_hash": "6367602438856320083335949813575234265",
            "length": 894.0
        }
    },
    {
        "target": {
            "file": "drivers/input/keyboard/sunkbd.c"
        },
        "signature_version": "v1",
        "source": "https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e",
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2020-25669-62ee3537",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "118443532649537729941164673811931340163",
                "203422894197475587745740242930361167592",
                "164083477563821247878985626832757806476",
                "61999899458629429136124360853706058765",
                "63279945143989848315624696910852363939",
                "123018636941730572960266198395926658616",
                "183507149842197368945927851632256745067",
                "111131185691292227801151521408911123159",
                "187111365880764740442279416957264087128",
                "154382406990812131599216740163784003465",
                "153675118561862691926914250467307895224",
                "162160927677496898538112843028620145315",
                "49941134006353884664399353715228690198",
                "291793303316683833641795005995016011429",
                "68167436149283934921765433719294647516",
                "264558019207172767982267730792785594691",
                "26233430185146513213152028039451186732",
                "54125615799416165011841180645235597537",
                "318579792029624966781450794205982525009"
            ]
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e",
        "signature_type": "Function",
        "target": {
            "function": "sunkbd_enable",
            "file": "drivers/input/keyboard/sunkbd.c"
        },
        "id": "CVE-2020-25669-7cd22648",
        "digest": {
            "function_hash": "90205578429393617714537585819780989492",
            "length": 144.0
        }
    }
]

vanir_signatures_modified

"2026-04-12T00:37:16Z"