PT-2020-1813 · Linux+2 · Linux Kernel+2

Victor Stinner

Published

2020-02-20

Updated

2022-04-18

CVE-2020-9391

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.4 through 5.5.6

Description An issue in the Linux kernel on the AArch64 architecture ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards. This has been observed to cause heap corruption with the GNU C Library malloc implementation. The issue is related to a buffer overflow in memory, which can be exploited to cause a denial of service.

Recommendations For Linux kernel versions 5.4 through 5.5.6, consider updating to a newer version to mitigate the risk of heap corruption and denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2020-1414

ALT-PU-2020-1424

ALT-PU-2020-1638

ALT-PU-2020-1646

BDU:2020-01076

CVE-2020-9391

MGASA-2020-0140

MGASA-2020-0158

Affected Products

Alt Linux

Gnu C Library

Linux Kernel

PT-2020-1813 · Linux+2 · Linux Kernel+2

CVE-2020-9391

Weakness Enumeration

Related Identifiers

Affected Products

References · 46