CVE-2020-25668
HIGHLinux Kernel < 4.4.242 - Use-After-Free in con_font_op
Title source: llmDescription
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
References (9)
Core 9
Core References
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/10/30/1
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/04/3
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210702-0005/
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C
Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/11/04/3%2C
Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/10/30/1%2C
Scores
CVSS v3
7.0
EPSS
0.0103
EPSS Percentile
59.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-662
CWE-362
Status
published
Products (15)
debian/debian_linux
9.0
linux/linux_kernel
< 4.4.242
netapp/500f_firmware
netapp/a250_firmware
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
... and 5 more
Published
May 26, 2021
Tracked Since
Feb 18, 2026