PT-2020-6446 · Linux+3 · Linux Kernel+3

Dhananjay Arunesh

Published

2020-07-29

Updated

2023-07-28

CVE-2021-20292

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.9

Description The issue is related to the use of memory after it has been freed in the Linux kernel, specifically in the Nouveau DRM subsystem. This can be exploited by an attacker with a local account and root privilege to escalate privileges and execute arbitrary code in the context of the kernel. The problem arises from the lack of validation of an object's existence before performing operations on it.

Recommendations For Linux kernel versions prior to 5.9, update to a version 5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Nouveau DRM subsystem until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-3058

ALT-PU-2020-3211

ALT-PU-2020-3553

ALT-PU-2020-3570

ALT-PU-2021-1083

ALT-PU-2021-1105

ALT-PU-2021-1621

ALT-PU-2021-1656

ALT-PU-2021-1739

ALT-PU-2021-1862

ALT-PU-2021-1866

ALT-PU-2021-1870

BDU:2021-04835

CVE-2021-20292

DLA-2689-1

OESA-2021-1176

OPENSUSE-SU-2022_1676-1

OPENSUSE-SU-2022_1687-1

OPENSUSE-SU-2022_2111-1

SUSE-SU-2022:1651-1

SUSE-SU-2022:1668-1

SUSE-SU-2022:1669-1

SUSE-SU-2022:1676-1

SUSE-SU-2022:1686-1

SUSE-SU-2022:1687-1

SUSE-SU-2022:2077-1

SUSE-SU-2022:2082-1

SUSE-SU-2022:2083-1

SUSE-SU-2022:2103-1

SUSE-SU-2022:2111-1

SUSE-SU-2022_1651-1

SUSE-SU-2022_1669-1

SUSE-SU-2022_1676-1

SUSE-SU-2022_1686-1

SUSE-SU-2022_1687-1

USN-4946-1

USN-5343-1

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2020-6446 · Linux+3 · Linux Kernel+3

CVE-2021-20292

Weakness Enumeration

Related Identifiers

Affected Products

References · 305