PT-2020-2226 · Linux+6 · Linux Kernel+6

Wang Wang

·

Published

2020-03-21

·

Updated

2021-05-28

·

CVE-2020-12657

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.6.5
Description The issue is related to a use-after-free in the block/bfq-iosched.c file, specifically with the bfq idle slice timer body function. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 5.6.5, update to version 5.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the bfq idle slice timer body function until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-1913
ALT-PU-2020-1917
ALT-PU-2020-1928
ALT-PU-2020-1929
ALT-PU-2020-2153
ALT-PU-2020-2164
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-02142
CESA-2020_2427
CESA-2020_2428
CESA-2020_2567
CVE-2020-12657
OPENSUSE-SU-2020:0801-1
OPENSUSE-SU-2020_0801-1
RHSA-2020:2427
RHSA-2020:2428
RHSA-2020:2429
RHSA-2020:2567
RHSA-2020:2667
RHSA-2020:2669
RHSA-2020_2427
RHSA-2020_2428
SUSE-SU-2020:1587-1
SUSE-SU-2020:1599-1
SUSE-SU-2020:1602-1
SUSE-SU-2020:1603-1
SUSE-SU-2020:1604-1
SUSE-SU-2020:1605-1
SUSE-SU-2020:1663-1
SUSE-SU-2020:2156-1
SUSE-SU-2020:2478-1
SUSE-SU-2020:2487-1
SUSE-SU-2020_1587-1
SUSE-SU-2020_1599-1
SUSE-SU-2020_1602-1
SUSE-SU-2020_1603-1
SUSE-SU-2020_1604-1
SUSE-SU-2020_1605-1
SUSE-SU-2020_1663-1
USN-4363-1
USN-4367-1
USN-4367-2
USN-4368-1
USN-4369-1

Affected Products

Alt Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu