CVE-2020-25656

Published Dec 2, 2020

Last updated 2 years ago

CVSS medium 4.1

Overview

Description: A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.1
Impact score: 3.6
Exploitability score: 0.5
Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

secalert@redhat.com: CWE-416
nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D61CA62B-157A-4415-B8FD-7C3C1208315D",
            "versionEndExcluding": "5.10"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DD7EB1D-064C-4DB9-AD34-D8EF78312C17"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E5C2815-65C8-48D7-BF31-6104EDD0CBE5"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FF4A265-AFFD-4853-B3CE-A55E950E8B5B"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6484296-5BA8-408A-A087-A0D86BA50703"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D31D4A3-7D1E-472F-9BB6-AF889DA7C763"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F67B6B43-FF39-4B05-8704-EDFCED4117E6"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C79FA879-7855-467B-A98D-7D914940F9D3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References