PT-2020-5281 · Linux+1 · Linux Kernel+1

Adam Zabrocki

Published

2020-10-15

Updated

2022-09-02

CVE-2020-27825

CVSS v3.1

5.7

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10-rc1

Description A use-after-free flaw was found in kernel/trace/ring buffer.c, which could cause a denial of service problem due to a race condition in trace open and resize of cpu buffer running in parallel on different CPUs. This issue may also allow a local attacker with special user privileges to leak kernel information.

Recommendations For Linux kernel versions prior to 5.10-rc1, update to version 5.10-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the kernel/trace/ring buffer.c component to minimize the risk of exploitation.

Fix

DoS

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

BDU:2021-00011

CVE-2020-27825

DLA-2557-1

DLA-2586-1

DSA-4843-1

MGASA-2021-0030

MGASA-2021-0031

OPENSUSE-SU-2021:0060-1

OPENSUSE-SU-2021:0075-1

OPENSUSE-SU-2021:0242-1

OPENSUSE-SU-2021_0060-1

OPENSUSE-SU-2021_0075-1

OPENSUSE-SU-2021_0242-1

SUSE-SU-2021:0094-1

SUSE-SU-2021:0095-1

SUSE-SU-2021:0096-1

SUSE-SU-2021:0097-1

SUSE-SU-2021:0098-1

SUSE-SU-2021:0108-1

SUSE-SU-2021:0117-1

SUSE-SU-2021:0118-1

SUSE-SU-2021:0133-1

SUSE-SU-2021:0434-1

SUSE-SU-2021:0437-1

SUSE-SU-2021:0438-1

SUSE-SU-2021:0452-1

SUSE-SU-2022:0197-1

Affected Products

Linux Kernel

Suse

PT-2020-5281 · Linux+1 · Linux Kernel+1

CVE-2020-27825

Weakness Enumeration

Related Identifiers

Affected Products

References · 1102