PT-2020-5528 · Linux+6 · Linux Kernel+6

Published

2020-11-25

Updated

2025-04-15

CVE-2020-27835

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10-rc6

Description A use after free issue in the Linux kernel infiniband hfi1 driver was found, related to the way user calls Ioctl after opening the dev file and fork. This could allow a local user to crash the system. The issue is associated with the use of memory after it has been freed, potentially leading to a denial of service.

Recommendations For versions prior to 5.10-rc6, update to version 5.10-rc6 or later to resolve the issue. As a temporary workaround, consider restricting access to the infiniband hfi1 driver to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:1578

BDU:2021-01044

CESA-2021_1578

CESA-2021_1739

CVE-2020-27835

MGASA-2021-0030

MGASA-2021-0031

OPENSUSE-SU-2021:0060-1

OPENSUSE-SU-2021_0060-1

OPENSUSE-SU-2022_1676-1

OPENSUSE-SU-2022_1687-1

OPENSUSE-SU-2025_1263-1

RHSA-2021:1578

RHSA-2021:1739

RHSA-2021_1578

RHSA-2021_1739

SUSE-SU-2021:0347-1

SUSE-SU-2021:0348-1

SUSE-SU-2021:0353-1

SUSE-SU-2021:0354-1

SUSE-SU-2021:0427-1

SUSE-SU-2021:0433-1

SUSE-SU-2021:0434-1

SUSE-SU-2021:0438-1

SUSE-SU-2021:0452-1

SUSE-SU-2021:0532-1

SUSE-SU-2022:1669-1

SUSE-SU-2022:1676-1

SUSE-SU-2022:1687-1

SUSE-SU-2022_1669-1

SUSE-SU-2022_1676-1

SUSE-SU-2022_1687-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1263-1

USN-4751-1

Affected Products

Almalinux

Centos

Linuxmint

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2020-5528 · Linux+6 · Linux Kernel+6

CVE-2020-27835

Weakness Enumeration

Related Identifiers

Affected Products

References · 1002