PT-2020-1608 · Linux+5 · Linux Kernel+5

Tristan Madani

·

Published

2020-01-30

·

Updated

2021-12-30

·

CVE-2020-8649

CVSS v2.0

6.2

Medium

VectorAV:L/AC:L/Au:S/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.5.2
Description The issue is related to a use-after-free vulnerability in the vgacon invert region function, located in drivers/video/console/vgacon.c. This vulnerability may allow an attacker to disclose protected information or cause a denial of service.
Recommendations For Linux kernel versions through 5.5.2, update to a version newer than 5.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the vgacon invert region function in drivers/video/console/vgacon.c until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2020:4431
ALT-PU-2020-1219
ALT-PU-2020-1251
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1458
ALT-PU-2020-1476
ALT-PU-2020-1501
ALT-PU-2020-1524
ALT-PU-2020-1714
ALT-PU-2020-1945
ALT-PU-2020-2164
ALT-PU-2020-3057
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1745
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-00786
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2020-8649
DLA-2241-1
DLA-2241-2
DLA-2242-1
DSA-4698-1
LSN-0066-1
LSN-0068-1
MGASA-2020-0140
MGASA-2020-0158
OPENSUSE-SU-2020:0388-1
OPENSUSE-SU-2020_0388-1
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
RHSA-2022:1209
RHSA-2022:1213
SUSE-SU-2020:0836-1
SUSE-SU-2020:1084-1
SUSE-SU-2020:1085-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1118-1
SUSE-SU-2020:1119-1
SUSE-SU-2020:1123-1
SUSE-SU-2020:1141-1
SUSE-SU-2020:1142-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:14354-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse