7.2

CVE-2020-27777

Exploit
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.14.204
LinuxLinux Kernel Version >= 4.15 < 4.19.155
LinuxLinux Kernel Version >= 4.20 < 5.4.75
LinuxLinux Kernel Version >= 5.5 < 5.9.5
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.392
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://bugzilla.redhat.com/show_bug.cgi?id=1900844
Patch
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764
Patch
Vendor Advisory
Exploit
https://www.openwall.com/lists/oss-security/2020/10/09/1
Patch
Third Party Advisory
Exploit
Mailing List
https://www.openwall.com/lists/oss-security/2020/11/23/2
Third Party Advisory
Mailing List