CVE-2020-14351
HIGHLinux Kernel < 5.8.17 - Use-After-Free in Perf Subsystem
Title source: llmDescription
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (3)
Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1862849
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
31.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (4)
debian/debian_linux
9.0
linux/linux_kernel
< 5.8.17
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
Published
Dec 03, 2020
Tracked Since
Feb 18, 2026