CVE-2020-8648: Use After Free
First published: Thu Jan 30 2020(Updated: )
A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.31.1.rt56.1169.el7 | 0:3.10.0-1160.31.1.rt56.1169.el7 |
| redhat/kernel | <0:3.10.0-1160.31.1.el7 | 0:3.10.0-1160.31.1.el7 |
| redhat/kernel | <0:3.10.0-957.80.1.el7 | 0:3.10.0-957.80.1.el7 |
| redhat/kernel | <0:3.10.0-1062.56.1.el7 | 0:3.10.0-1062.56.1.el7 |
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
| Android | ||
| Linux Kernel | <=5.5.2 | |
| Debian | =8.0 | |
| openSUSE | =15.1 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| netapp cloud backup | ||
| netapp hci baseboard management controller | =h410c | |
| netapp solidfire baseboard management controller | ||
| Brocade Fabric OS | ||
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-8648 https://nvd.nist.gov/vuln/detail/CVE-2020-8648
- https://bugzilla.redhat.com/show_bug.cgi?id=1802559
- https://access.redhat.com/errata/RHSA-2021:2316
- https://access.redhat.com/errata/RHSA-2021:2314
- https://access.redhat.com/errata/RHSA-2021:3320
- https://access.redhat.com/errata/RHSA-2021:3522
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/security/cve/cve-2020-8648
- https://bugzilla.kernel.org/show_bug.cgi?id=206361
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://usn.ubuntu.com/4344-1/
- https://usn.ubuntu.com/4345-1/
- https://usn.ubuntu.com/4342-1/
- https://usn.ubuntu.com/4346-1/
- https://www.debian.org/security/2020/dsa-4698
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://security.netapp.com/advisory/ntap-20200924-0004/
- https://launchpad.net/bugs/cve/CVE-2020-8648
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1802560
- https://android.googlesource.com/kernel/common/+/07e6124a1a46
- https://android.googlesource.com/kernel/common/+/e8c75a30a23c
- https://android.googlesource.com/kernel/common/+/4b70dd57a15d
- https://source.android.com/docs/security/bulletin/2020-06-01 (Advisory)
- https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
- https://security-tracker.debian.org/tracker/CVE-2020-8648
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
- https://nvd.nist.gov/vuln/detail/CVE-2020-8648
- https://ubuntu.com/security/CVE-2020-8648
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-8648?
CVE-2020-8648 is classified as a high-severity vulnerability due to its potential to crash the system.
How do I fix CVE-2020-8648?
To fix CVE-2020-8648, you should upgrade to the patched kernel versions provided by your distribution.
What systems are affected by CVE-2020-8648?
CVE-2020-8648 affects various Linux kernel versions up to 5.5.2 and specific distributions like Red Hat, Ubuntu, and Debian.
Can CVE-2020-8648 be exploited remotely?
No, CVE-2020-8648 is considered a local privilege escalation vulnerability, meaning it requires local access to the system.
Is there a workaround for CVE-2020-8648 if I cannot update?
There are no specific workarounds recommended for CVE-2020-8648; updating the kernel is the primary solution.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-8648
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/event
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- package-manager/debian
- vendor/google
- canonical/android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.5.2
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h410c
- canonical/netapp solidfire baseboard management controller
- vendor/broadcom
- canonical/brocade fabric os
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04