6.1

CVE-2020-28974

Exploit
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.9.7
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.394
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 0.3 4.7
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
nvd@nist.gov 6.1 3.9 8.5
AV:L/AC:L/Au:N/C:P/I:P/A:C
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/25/1
Third Party Advisory
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7
Vendor Advisory
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804
Patch
Vendor Advisory
https://seclists.org/oss-sec/2020/q4/104
Third Party Advisory
Exploit
Mailing List
https://security.netapp.com/advisory/ntap-20210108-0003/
Third Party Advisory