// For flags

CVE-2020-27825

 

Severity Score

5.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

Se encontró un fallo de uso de la memoria previamente liberada en el archivo kernel/trace/ring_buffer.c en el kernel de Linux (anteriores a la versión 5.10-rc1). Se presentó un problema de carrera en trace_open y el cambio de tamaño del búfer de la CPU ejecutándose paralelamente en diferentes CPUs, puede causar un problema de Denegación de Servicio (DOS). Este fallo podría inclusive permitir a un atacante local con privilegios especiales de usuario amenazar con una filtración de información del kernel

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-27 CVE Reserved
  • 2020-12-11 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Netapp
Search vendor "Netapp"
Solidfire Baseboard Management Controller Firmware
Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
Solidfire Baseboard Management Controller
Search vendor "Netapp" for product "Solidfire Baseboard Management Controller"
--
Safe
Netapp
Search vendor "Netapp"
H410c Firmware
Search vendor "Netapp" for product "H410c Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
H410c
Search vendor "Netapp" for product "H410c"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.10
Search vendor "Linux" for product "Linux Kernel" and version "5.10"
rc1
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Mrg
Search vendor "Redhat" for product "Enterprise Mrg"
2.0
Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Netapp
Search vendor "Netapp"
Cloud Backup
Search vendor "Netapp" for product "Cloud Backup"
--
Affected