CVE-2020-8648: Use After Free
First published: Thu Jan 30 2020(Updated: )
A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.31.1.rt56.1169.el7 | 0:3.10.0-1160.31.1.rt56.1169.el7 |
| redhat/kernel | <0:3.10.0-1160.31.1.el7 | 0:3.10.0-1160.31.1.el7 |
| redhat/kernel | <0:3.10.0-957.80.1.el7 | 0:3.10.0-957.80.1.el7 |
| redhat/kernel | <0:3.10.0-1062.56.1.el7 | 0:3.10.0-1062.56.1.el7 |
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| Linux Linux kernel | <=5.5.2 | |
| Debian Debian Linux | =8.0 | |
| openSUSE Leap | =15.1 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Hci Baseboard Management Controller | =h410c | |
| Netapp Solidfire Baseboard Management Controller | ||
| Broadcom Brocade Fabric Operating System Firmware | ||
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Google Android | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-8648 https://nvd.nist.gov/vuln/detail/CVE-2020-8648
- https://bugzilla.redhat.com/show_bug.cgi?id=1802559
- https://access.redhat.com/errata/RHSA-2021:2316
- https://access.redhat.com/errata/RHSA-2021:2314
- https://access.redhat.com/errata/RHSA-2021:3320
- https://access.redhat.com/errata/RHSA-2021:3522
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/security/cve/cve-2020-8648
- https://bugzilla.kernel.org/show_bug.cgi?id=206361
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://usn.ubuntu.com/4344-1/
- https://usn.ubuntu.com/4345-1/
- https://usn.ubuntu.com/4342-1/
- https://usn.ubuntu.com/4346-1/
- https://www.debian.org/security/2020/dsa-4698
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://security.netapp.com/advisory/ntap-20200924-0004/
- https://launchpad.net/bugs/cve/CVE-2020-8648
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1802560
- https://android.googlesource.com/kernel/common/+/07e6124a1a46
- https://android.googlesource.com/kernel/common/+/e8c75a30a23c
- https://android.googlesource.com/kernel/common/+/4b70dd57a15d
- https://source.android.com/docs/security/bulletin/2020-06-01 (Advisory)
- https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
- https://security-tracker.debian.org/tracker/CVE-2020-8648
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
- https://nvd.nist.gov/vuln/detail/CVE-2020-8648
- https://ubuntu.com/security/CVE-2020-8648
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-8648
- agent/author
- agent/severity
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/android-source
- source/Android
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.5.2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h410c
- canonical/netapp solidfire baseboard management controller
- vendor/broadcom
- canonical/broadcom brocade fabric operating system firmware
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- vendor/google
- canonical/google android
- package-manager/debian