Vulnerability Details CVE-2020-27825
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.3%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 5.4
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905155
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://security.netapp.com/advisory/ntap-20210521-0008/
- https://www.debian.org/security/2021/dsa-4843
- https://bugzilla.redhat.com/show_bug.cgi?id=1905155
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://security.netapp.com/advisory/ntap-20210521-0008/
- https://www.debian.org/security/2021/dsa-4843
Products affected by CVE-2020-27825
-
cpe:2.3:a:netapp:cloud_backup:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:linux:linux_kernel:5.10
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_mrg:2.0