CVE-2020-0427: Use After Free
First published: Thu Sep 17 2020(Updated: )
A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.
Credit: security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.21.1.rt56.1158.el7 | 0:3.10.0-1160.21.1.rt56.1158.el7 |
| redhat/kernel | <0:3.10.0-1160.21.1.el7 | 0:3.10.0-1160.21.1.el7 |
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| Google Android | ||
| Debian Debian Linux | =9.0 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Starwindsoftware Starwind Virtual San Vsphere | =v8-build12533 | |
| Starwindsoftware Starwind Virtual San Vsphere | =v8-build12658 | |
| Starwindsoftware Starwind Virtual San Vsphere | =v8-build12859 | |
| Starwindsoftware Starwind Virtual San Vsphere | =v8-build13170 | |
| Starwindsoftware Starwind Virtual San Vsphere | =v8-build13586 | |
| Starwindsoftware Starwind Virtual San Vsphere | =v8-build13861 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-0427 https://nvd.nist.gov/vuln/detail/CVE-2020-0427
- https://bugzilla.redhat.com/show_bug.cgi?id=1919893
- https://access.redhat.com/errata/RHSA-2021:0857
- https://access.redhat.com/errata/RHSA-2021:0856
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-0427
- https://source.android.com/security/bulletin/pixel/2020-09-01
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
- http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
- https://www.starwindsoftware.com/security/sw-20210325-0005/
- https://launchpad.net/bugs/cve/CVE-2020-0427
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be4c60b563edee3712d392aaeb0943a768df7023
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1919897
- https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023
- https://security-tracker.debian.org/tracker/CVE-2020-0427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0427
- https://nvd.nist.gov/vuln/detail/CVE-2020-0427
- https://ubuntu.com/security/CVE-2020-0427
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-0427
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/google
- canonical/google android
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/starwindsoftware
- canonical/starwindsoftware starwind virtual san vsphere
- version/starwindsoftware starwind virtual san vsphere/v8-build12533
- version/starwindsoftware starwind virtual san vsphere/v8-build12658
- version/starwindsoftware starwind virtual san vsphere/v8-build12859
- version/starwindsoftware starwind virtual san vsphere/v8-build13170
- version/starwindsoftware starwind virtual san vsphere/v8-build13586
- version/starwindsoftware starwind virtual san vsphere/v8-build13861
- package-manager/debian