Description
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
References (5)
Core 5
Core References
Patch, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10
Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://seclists.org/oss-sec/2020/q3/176
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210805-0001/
Scores
CVSS v3
5.9
EPSS
0.0009
EPSS Percentile
25.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (10)
linux/linux_kernel
< 5.8.10
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
netapp/h700s_firmware
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026