PT-2020-6662 · Linux+4 · Linux Kernel+4

Bodong Zhao

+1

·

Published

2020-11-01

·

Updated

2024-06-15

·

CVE-2020-25668

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 5.9.2
Description The issue is related to a use-after-free flaw in the Linux Kernel's tty subsystem, which can be exploited to gain access to sensitive information or cause a denial of service. The problem arises from improper synchronization of access to the global variable fg console, leading to a use-after-free condition in con font op.
Recommendations For Linux Kernel versions prior to 5.9.2, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the con font op function until a patch is available.

Exploit

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-362CWE-416

Related Identifiers

BDU:2022-03140
CVE-2020-25668
DLA-2483-1
DLA-2494-1
MGASA-2021-0030
MGASA-2021-0031
OPENSUSE-SU-2020:1906-1
OPENSUSE-SU-2020:2112-1
OPENSUSE-SU-2020:2260-1
OPENSUSE-SU-2020_1906-1
OPENSUSE-SU-2020_2112-1
OPENSUSE-SU-2020_2260-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
SUSE-SU-2020:3484-1
SUSE-SU-2020:3503-1
SUSE-SU-2020:3507-1
SUSE-SU-2020:3512-1
SUSE-SU-2020:3513-1
SUSE-SU-2020:3522-1
SUSE-SU-2020:3532-1
SUSE-SU-2020:3544-1
SUSE-SU-2020:3648-1
SUSE-SU-2020:3651-1
SUSE-SU-2020:3670-1
SUSE-SU-2020:3690-1
SUSE-SU-2020:3698-1
SUSE-SU-2020:3713-1
SUSE-SU-2020:3715-1
SUSE-SU-2020:3717-1
SUSE-SU-2020:3748-1
SUSE-SU-2020_3698-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_14630-1
USN-4679-1
USN-4680-1
USN-4681-1
USN-4751-1

Affected Products

Astra Linux
Linux Kernel
Linuxmint
Suse
Ubuntu