CVE-2020-25656: Use After Free
A flaw was found in the Linux kernel, where a race in the KDGKBSENT and KDSKBSENT ioctls leads to a use-after-free read in vt_do_kdgkb_ioctl.
References: https://groups.google.com/g/syzkaller-bugs/c/kZsmxkpq3UI/m/J35PFexWBgAJ?pli=1
Other sources
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the vt_do_kdgkb_ioctl function. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
— IBM
Remediation
Patch Available
Frequently Asked Questions
What is the severity of CVE-2020-25656?
CVE-2020-25656 has a medium severity rating due to the potential for a use-after-free vulnerability in the Linux Kernel.
How do I fix CVE-2020-25656?
To fix CVE-2020-25656, update your Linux Kernel to a recommended version, such as 5.10, or apply the specific patches provided by your distribution.
Which systems are affected by CVE-2020-25656?
CVE-2020-25656 affects various versions of the Linux Kernel, particularly those in Red Hat Enterprise Linux 7, 8, and Debian 9.0, among others.
What is the exploitability of CVE-2020-25656?
CVE-2020-25656 is considered exploitable under specific conditions where a race condition may lead to unauthorized memory access.
Are there any known mitigations for CVE-2020-25656?
Currently, the primary mitigation for CVE-2020-25656 is to ensure that relevant software is updated to patched versions that address the vulnerability.