First published: Wed May 26 2021(Updated: )
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <4.4.245 | |
Linux Kernel | >=4.5<4.9.245 | |
Linux Kernel | >=4.10<4.14.208 | |
Linux Kernel | >=4.15<4.19.159 | |
Linux Kernel | >=4.20<5.4.79 | |
Linux Kernel | >=5.5<5.9.10 | |
Debian | =9.0 | |
NetApp Cloud Backup | ||
NetApp SolidFire & HCI Management Node | ||
NetApp SolidFire | ||
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
All of | ||
NetApp H500E | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700E | ||
NetApp H700E | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
NetApp H500E | ||
NetApp H500e Firmware | ||
NetApp H700E | ||
NetApp H700E | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25669 has been assigned a medium severity rating due to the potential for a Use After Free vulnerability affecting the Linux Kernel.
To fix CVE-2020-25669, you should upgrade the Linux Kernel to version 5.10.223-1 or later.
CVE-2020-25669 affects Linux Kernel versions between 4.4.0 and 5.4.x and several other specific range versions.
CVE-2020-25669 impacts various Linux distributions, including Debian Linux and may affect systems running specific NetApp firmware.
CVE-2020-25669 is classified as a Use After Free vulnerability, which can potentially lead to unauthorized access or system crashes.