Vulnerability Details : CVE-2020-28915
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
Products affected by CVE-2020-28915
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28915
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-28915
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:C | 3.9 | 8.5 | NIST | |
5.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H | 0.3 | 5.5 | NIST | |
CWE ids for CVE-2020-28915
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28915
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af08640795b2b9a940c9266c0260455377ae262
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15
  Release Notes; Vendor Advisory
- https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
  KASAN: global-out-of-bounds Read in fbcon_get_font (Patch; Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- https://bugzilla.suse.com/show_bug.cgi?id=1178886
  Bug 1178886 – VUL-0: CVE-2020-28915: kernel-source: kernel buffer overflow read in font handling (Issue Tracking; Third Party Advisory)