What is the severity of CVE-2020-25220?

CVE-2020-25220 has a medium severity rating due to its potential impact on memory management in affected Linux kernel versions.

How do I fix CVE-2020-25220?

To fix CVE-2020-25220, upgrade your Linux kernel to versions 4.9.233, 4.14.194, or 4.19.140 and later.

What systems are affected by CVE-2020-25220?

CVE-2020-25220 affects Linux kernel versions 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140.

Is CVE-2020-25220 a critical vulnerability?

CVE-2020-25220 is not classified as a critical vulnerability but poses risks in certain use cases.

What type of vulnerability is CVE-2020-25220?

CVE-2020-25220 is classified as a use-after-free vulnerability related to the cgroups feature in the Linux kernel.

Vulnerability/
CVE-2020-25220

high

7.8

CWE

416

10/9/2020

4/8/2024

CVE-2020-25220: Use After Free

First published: Thu Sep 10 2020(Updated: )

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Kernel	>=4.9.0<4.9.233
Linux Kernel	>=4.14<4.14.194
Linux Kernel	>=4.19<4.19.140

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-25220?
CVE-2020-25220 has a medium severity rating due to its potential impact on memory management in affected Linux kernel versions.
How do I fix CVE-2020-25220?
To fix CVE-2020-25220, upgrade your Linux kernel to versions 4.9.233, 4.14.194, or 4.19.140 and later.
What systems are affected by CVE-2020-25220?
CVE-2020-25220 affects Linux kernel versions 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140.
Is CVE-2020-25220 a critical vulnerability?
CVE-2020-25220 is not classified as a critical vulnerability but poses risks in certain use cases.
What type of vulnerability is CVE-2020-25220?
CVE-2020-25220 is classified as a use-after-free vulnerability related to the cgroups feature in the Linux kernel.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/remedy
agent/severity
agent/last-modified-date
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/4.9.0
version/linux kernel/4.14
version/linux kernel/4.19

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2020-25220: Use After Free

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-25220?

How do I fix CVE-2020-25220?

What systems are affected by CVE-2020-25220?

Is CVE-2020-25220 a critical vulnerability?

What type of vulnerability is CVE-2020-25220?

Company

Resources

Contact