PT-2020-3955 · Linux+1 · Linux Kernel+1

Published: 2017-03-17 · Updated: 2021-05-20 · CVE-2020-25220

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.9.x through 4.9.232; Linux kernel versions 4.14.x through 4.14.193; Linux kernel versions 4.19.x through 4.19.139
Description: The issue is a use-after-free error in the cgroups feature of the Linux kernel. It occurs because `skcd->no_refcnt` was not considered during a backport of a patch. Exploitation of this issue may allow an attacker to execute arbitrary code.
Recommendations: For Linux kernel versions 4.9.x through 4.9.232, update to version 4.9.233 or later. For Linux kernel versions 4.14.x through 4.14.193, update to version 4.14.194 or later. For Linux kernel versions 4.19.x through 4.19.139, update to version 4.19.140 or later.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1299
ALT-PU-2018-1557
ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2020-2737
ALT-PU-2020-3454
ALT-PU-2021-1531
ALT-PU-2021-1840
BDU:2020-04348
CVE-2020-25220
DLA-2420-1
DLA-2420-2
OESA-2021-1086

Affected Products

Alt Linux
Linux Kernel