CVE-2020-9391
First published: Tue Feb 25 2020(Updated: )
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=5.5<=5.5.6 | |
| Linux Linux kernel | =5.4 | |
| Fedoraproject Fedora | =31 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Data Availability Services | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp H410c Firmware | ||
| Netapp H410c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/02/25/6
- https://bugzilla.redhat.com/show_bug.cgi?id=1797052
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O4LH35HOPBJIKYHYFXMBBM75DN75PZHZ/
- https://security.netapp.com/advisory/ntap-20200313-0003/
Frequently Asked Questions
What is CVE-2020-9391?
CVE-2020-9391 is a vulnerability in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.
How does CVE-2020-9391 affect the Linux kernel?
CVE-2020-9391 allows an attacker to move the memory break downwards when the application expects it to move upwards, potentially causing issues.
Which systems are affected by CVE-2020-9391?
The Linux kernel versions 5.4 and 5.5 through 5.5.6 on the AArch64 architecture are affected.
What is the severity of CVE-2020-9391?
CVE-2020-9391 has a severity rating of medium.
How can I fix CVE-2020-9391?
Updating to a version of the Linux kernel that is not affected by CVE-2020-9391 is recommended.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.5
- version/linux linux kernel/5.5.6
- version/linux linux kernel/5.4
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp h410c firmware
- canonical/netapp h410c