CVE-2020-25656
MEDIUMLinux Kernel < 5.10 - Use-After-Free in Console Subsystem via KDGKBSENT and KDSKBSENT ioctls
Title source: llmDescription
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
References (6)
Core 6
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1888726
Exploit, Mailing List, Third Party Advisory
https://lkml.org/lkml/2020/10/16/84
Mailing List, Patch, Third Party Advisory
https://lkml.org/lkml/2020/10/29/528
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0006/
Scores
CVSS v3
4.1
EPSS
0.0002
EPSS Percentile
5.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-416
Status
published
Products (6)
debian/debian_linux
9.0
linux/linux_kernel
5.10 rc1
linux/linux_kernel
< 5.10
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
starwindsoftware/starwind_virtual_san
v8 build12533 (6 CPE variants)
Published
Dec 02, 2020
Tracked Since
Feb 18, 2026