CVE-2020-27820

MEDIUM4.7

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver)

Published Nov 2, 2021

Modified 1 years ago

No fix available

Details

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

References

WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1901726 WEBhttps://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/WEBhttps://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/WEBhttps://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2020-27820 WEBhttps://www.oracle.com/security-alerts/cpujul2022.html

CVSS Analysis

CVSS v3.1

4.7

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

4.7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

Memory Safety

CWE-416

Use After Free

Ecosystems

Timeline

PublishedNov 2, 2021

ModifiedAug 4, 2024