First published: Tue Feb 25 2020
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | >=5.5, <=5.5.6 | |
Linux Kernel | =5.4 | |
Red Hat Fedora | =31 | |
NetApp Active IQ Unified Manager for VMware vSphere | | |
NetApp Cloud Backup | | |
NetApp Data Availability Services | | |
NetApp SolidFire & HCI Management Node | | |
NetApp SolidFire & HCI Storage Node | | |
NetApp SteelStore Cloud Integrated Storage | | |
NetApp H410C | | |
NetApp H410C Firmware | | |
CVE-2020-9391 is a vulnerability in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.
CVE-2020-9391 allows an attacker to move the memory break downwards when the application expects it to move upwards, which has been observed to cause heap corruption with the GNU C Library malloc implementation.
The Linux kernel versions 5.4 and 5.5 through 5.5.6 on the AArch64 architecture are affected.
CVE-2020-9391 has a severity rating of medium.
Updating to a version of the Linux kernel that is not affected by CVE-2020-9391 is recommended.
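The behaviour in the description above, as a small user-space model: this is an added example, not kernel code and not the upstream patch. The struct, function names and addresses are constructed for illustration, and the "strict" variant is a hypothetical contrast rather than the actual fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): only the break pointer is tracked;
 * page alignment and resource limits are left out. */
struct mm_model {
    uint64_t start_brk; /* lowest value the break may take */
    uint64_t brk;       /* current program break */
};

#define TOP_BYTE_MASK 0xff00000000000000ULL

/* Affected behaviour as the advisory describes it: the top byte of the
 * requested address is ignored before the request is acted on. */
uint64_t brk_ignoring_top_byte(struct mm_model *mm, uint64_t req)
{
    uint64_t addr = req & ~TOP_BYTE_MASK;
    if (addr < mm->start_brk)
        return mm->brk;   /* below the heap start: request refused */
    mm->brk = addr;       /* may now be lower than the old break */
    return mm->brk;
}

/* Hypothetical contrast: a request with a non-zero top byte is refused,
 * so the break stays where the caller last left it. */
uint64_t brk_strict(struct mm_model *mm, uint64_t req)
{
    if ((req & TOP_BYTE_MASK) || req < mm->start_brk)
        return mm->brk;
    mm->brk = req;
    return mm->brk;
}

/* 1 when the caller asked for a numerically higher break but the break
 * ended up lower than before: the mismatch the advisory describes. */
int moved_down_on_grow(uint64_t old_brk, uint64_t req, uint64_t new_brk)
{
    return req > old_brk && new_brk < old_brk;
}

int main(void)
{
    /* Constructed sample values, not taken from a real process. */
    const uint64_t old_brk = 0x0000aaaab0021000ULL;
    const uint64_t req     = 0x0100aaaab0010000ULL; /* top byte 0x01 */
    struct mm_model a = { 0x0000aaaab0000000ULL, old_brk }, b = a;
    uint64_t ra = brk_ignoring_top_byte(&a, req);
    uint64_t rb = brk_strict(&b, req);
    printf("top byte ignored: brk=%#llx moved_down=%d\n",
           (unsigned long long)ra, moved_down_on_grow(old_brk, req, ra));
    printf("strict:           brk=%#llx moved_down=%d\n",
           (unsigned long long)rb, moved_down_on_grow(old_brk, req, rb));
    return 0;
}
```

In the model, the caller compares the full 64-bit values and sees a request above the current break, while the top-byte-ignoring path acts on the lower 56 bits and shrinks the heap underneath it.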