CVE-2020-25220
HIGHLinux Kernel 4.9.0-4.9.232 - Use-After-Free in cgroups Feature
Title source: llmDescription
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
References (9)
Core 9
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1868453
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=82fd2138a5ffd7e0d4320cdb669e115ee976a26e
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.spinics.net/lists/stable/msg405099.html
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.233
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.194
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20201001-0004/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Scores
CVSS v3
7.8
EPSS
0.0045
EPSS Percentile
36.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
linux/linux_kernel
4.9.0 - 4.9.233
Published
Sep 10, 2020
Tracked Since
Feb 18, 2026