CVE-2020-28915

kernel: out-of-bounds read in fbcon_get_font function

Severity Score

5.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

Una lectura excesiva de buffer (en la capa framebuffer) en el código fbcon en el kernel de Linux versiones anteriores a 5.8.15, podría ser usada por unos atacantes locales para leer la memoria del kernel, también se conoce como CID-6735b4632def

An out-of-bounds (OOB) memory access flaw was found in fbcon_get_font() in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A bound check failure allows a local attacker with special user privilege to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to integrity and system availability.

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-11-18 CVE Reserved
2020-11-18 CVE Published
2024-08-04 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (7)

URL	Tag	Source
https://bugzilla.suse.com/show_bug.cgi?id=1178886	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af08640795b2b9a940c9266c0260455377ae262	2020-12-15
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16	2020-12-15
https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd	2020-12-15

URL	Date	SRC
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15	2020-12-15
https://access.redhat.com/security/cve/CVE-2020-28915	2022-06-28
https://bugzilla.redhat.com/show_bug.cgi?id=1899177	2022-06-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.8.15 Search vendor "Linux" for product "Linux Kernel" and version " < 5.8.15"		-		Affected