CVE-2020-27786: Use After Free
First published: Tue Nov 24 2020(Updated: )
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <4.4.224 | |
| Linux Linux kernel | >=4.5<4.9.224 | |
| Linux Linux kernel | >=4.10<4.14.181 | |
| Linux Linux kernel | >=4.15<4.19.124 | |
| Linux Linux kernel | >=4.20<5.4.42 | |
| Linux Linux kernel | >=5.5<5.6.14 | |
| Redhat Openshift Container Platform | =4.4 | |
| Redhat Openshift Container Platform | =4.5 | |
| Redhat Openshift Container Platform | =4.6 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Mrg | =2.0 | |
| Netapp Cloud Backup | ||
| Netapp Solidfire Baseboard Management Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in the Linux kernel’s implementation of MIDI?
The vulnerability ID for this flaw is CVE-2020-27786.
What is the severity of CVE-2020-27786?
The severity of CVE-2020-27786 is high with a CVSS score of 7.8.
How can an attacker exploit CVE-2020-27786?
An attacker with a local account and permissions to issue ioctl commands to MIDI devices can exploit CVE-2020-27786 by triggering a use-after-free issue.
Which versions of the Linux kernel are affected by CVE-2020-27786?
The Linux kernel versions affected by CVE-2020-27786 are 4.4.224 up to exclusive 5.7.
How can I fix CVE-2020-27786 in the Linux kernel?
To fix CVE-2020-27786 in the Linux kernel, update to version 5.7 or apply the appropriate patch provided by your Linux distribution.
- collector/nvd-index
- agent/remedy
- agent/first-publish-date
- agent/type
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-27786
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.4
- version/redhat openshift container platform/4.5
- version/redhat openshift container platform/4.6
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire baseboard management controller
- package-manager/redhat