CVE-2020-0427: Use After Free
First published: Thu Sep 17 2020(Updated: )
A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.
Credit: security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.21.1.rt56.1158.el7 | 0:3.10.0-1160.21.1.rt56.1158.el7 |
| redhat/kernel | <0:3.10.0-1160.21.1.el7 | 0:3.10.0-1160.21.1.el7 |
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| Google Android | ||
| Debian Debian Linux | =9.0 | |
| openSUSE | =15.1 | |
| openSUSE | =15.2 | |
| StarWind Virtual SAN | =v8-build12533 | |
| StarWind Virtual SAN | =v8-build12658 | |
| StarWind Virtual SAN | =v8-build12859 | |
| StarWind Virtual SAN | =v8-build13170 | |
| StarWind Virtual SAN | =v8-build13586 | |
| StarWind Virtual SAN | =v8-build13861 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-0427 https://nvd.nist.gov/vuln/detail/CVE-2020-0427
- https://bugzilla.redhat.com/show_bug.cgi?id=1919893
- https://access.redhat.com/errata/RHSA-2021:0857
- https://access.redhat.com/errata/RHSA-2021:0856
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-0427
- https://source.android.com/security/bulletin/pixel/2020-09-01
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
- http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
- https://www.starwindsoftware.com/security/sw-20210325-0005/
- https://launchpad.net/bugs/cve/CVE-2020-0427
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be4c60b563edee3712d392aaeb0943a768df7023
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1919897
- https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023
- https://security-tracker.debian.org/tracker/CVE-2020-0427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0427
- https://nvd.nist.gov/vuln/detail/CVE-2020-0427
- https://ubuntu.com/security/CVE-2020-0427
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-0427?
CVE-2020-0427 has a medium severity level due to its potential for local information disclosure.
How do I fix CVE-2020-0427?
To fix CVE-2020-0427, upgrade to the patched versions of the kernel available for your distribution.
What software is affected by CVE-2020-0427?
CVE-2020-0427 affects various Linux kernel versions across distributions such as Red Hat, Debian, and openSUSE.
What type of vulnerability is CVE-2020-0427?
CVE-2020-0427 is a use-after-free vulnerability that can lead to an out-of-bounds read.
Can CVE-2020-0427 be exploited remotely?
CVE-2020-0427 requires local access for exploitation, making remote exploitation unlikely.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-0427
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/google
- canonical/google android
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- version/opensuse/15.2
- vendor/starwindsoftware
- canonical/starwind virtual san
- version/starwind virtual san/v8-build12533
- version/starwind virtual san/v8-build12658
- version/starwind virtual san/v8-build12859
- version/starwind virtual san/v8-build13170
- version/starwind virtual san/v8-build13586
- version/starwind virtual san/v8-build13861
- package-manager/debian