CVE-2020-7053
kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.
En el kernel de Linux versión 4.14 a largo plazo versiones hasta 4.14.165 y versiones 4.19 a largo plazo hasta 4.19.96 (y versiones 5.x anteriores a 5.2), se presenta un uso de la memoria previamente liberada (escribir) en la función i915_ppgtt_close en el archivo drivers/gpu/drm/i915/i915_gem_gtt.c, también se conoce como CID-7dc40713618c. Esto está relacionado con la función i915_gem_context_destroy_ioctl en el archivo drivers/gpu/drm/i915/i915_gem_context.c.
A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. A local user could use this flaw to crash the system or potentially escalate their privileges.
Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-14 CVE Reserved
- 2020-01-14 CVE Published
- 2024-08-04 CVE Updated
- 2025-04-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html | X_refsource_misc |
|
| https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522 | Third Party Advisory | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 | Third Party Advisory | |
| https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks%40canonical.com | X_refsource_misc | |
| https://security.netapp.com/advisory/ntap-20200204-0002 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | 2023-11-07 | |
| https://usn.ubuntu.com/4255-1 | 2023-11-07 | |
| https://usn.ubuntu.com/4255-2 | 2023-11-07 | |
| https://usn.ubuntu.com/4285-1 | 2023-11-07 | |
| https://usn.ubuntu.com/4287-1 | 2023-11-07 | |
| https://usn.ubuntu.com/4287-2 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2020-7053 | 2021-03-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1795624 | 2021-03-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.14 <= 4.14.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 <= 4.14.165" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.19 <= 4.19.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 <= 4.19.96" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.0 <= 5.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 <= 5.2" | - |
Affected
| ||||||