CVE-2020-28974 : A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.

Published 2020-11-20 18:15:12

Updated 2021-01-27 19:44:46

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-28974

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-28974

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.1	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:C	3.9	8.5	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Complete
5.0	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H	0.3	4.7	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

CWE ids for CVE-2020-28974

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-28974

https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html

[SECURITY] [DLA 2494-1] linux security update
Third Party Advisory

CVEs referencing this url
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7

Release Notes;Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html

[SECURITY] [DLA 2483-1] linux-4.19 security update
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2020/11/25/1

oss-security - Re: Linux kernel slab-out-of-bounds Read in fbcon
Mailing List;Third Party Advisory
https://security.netapp.com/advisory/ntap-20210108-0003/

CVE-2020-28974 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://seclists.org/oss-sec/2020/q4/104

oss-sec: Linux kernel slab-out-of-bounds Read in fbcon
Exploit;Mailing List;Third Party Advisory

Products affected by CVE-2020-28974

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 5.9.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-28974

Exploit prediction scoring system (EPSS) score for CVE-2020-28974

CVSS scores for CVE-2020-28974

CWE ids for CVE-2020-28974

References for CVE-2020-28974

Products affected by CVE-2020-28974