Vulnerability Details : CVE-2020-25656

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

Vulnerability category: Memory Corruption

Published 2020-12-02 01:15:13

Updated 2022-10-25 17:03:05

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-25656

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-25656

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.1	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N	0.5	3.6	[email protected]
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2020-25656

CWE-416 Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Assigned by:
- [email protected] (Secondary)
- [email protected] (Primary)

References for CVE-2020-25656

https://lkml.org/lkml/2020/10/16/84

Exploit;Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1888726

Exploit;Issue Tracking;Patch;Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0006/

Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://lkml.org/lkml/2020/10/29/528

Mailing List;Patch;Third Party Advisory

Products affected by CVE-2020-25656

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 5.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.10 Update RC1
cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8 Update Build12533 For Vsphere
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8 Update Build12658 For Vsphere
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8 Update Build12859 For Vsphere
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8 Update Build13170 For Vsphere
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8 Update Build13586 For Vsphere
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8 Update Build13861 For Vsphere
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*
Matching versions