SB2020020621 - Use-after-free in Linux kernel
Published: February 6, 2020 Updated: June 1, 2020
Security Bulletin ID
SB2020020621
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2020-8648)
The vulnerability allows a local authenticated user to #BASIC_IMPACT#.
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
Remediation
Install update from vendor's website.
References
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.216
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.216
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.109
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.173
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.25
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6