PT-2020-4968 · Linux+8 · Linux Kernel+8
Minh Yuan
·
Published
2020-11-08
·
Updated
2021-05-28
·
CVE-2020-28974
CVSS v2.0
6.1
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.9.7
Description
The issue is related to a slab-out-of-bounds read in the fbcon component of the Linux kernel. This occurs because the
KD FONT OP COPY function in drivers/tty/vt/vt.c can be used for manipulations such as font height, allowing local attackers to read privileged information or potentially crash the kernel.Recommendations
For Linux kernel versions prior to 5.9.7, update to version 5.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the
KD FONT OP COPY function in drivers/tty/vt/vt.c to minimize the risk of exploitation.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu