A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2020/11/05/2 | Exploit Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2020/11/20/5 | Exploit Mailing List Third Party Advisory |
https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210702-0006/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/11/05/2%2C | |
https://www.openwall.com/lists/oss-security/2020/11/20/5%2C |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-05-26T11:25:08
Updated: 2021-07-02T11:06:56
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25669
JSON object: View
NVD Information
Status : Modified
Published: 2021-05-26T12:15:15.743
Modified: 2023-11-07T03:20:21.073
Link: CVE-2020-25669
JSON object: View
Redhat Information
No data.
CWE