CVE-2020-25669

A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.

Published: May 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-25669
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	4.4.245
linux / linux_kernel	4.5	4.9.245
linux / linux_kernel	4.10	4.14.208
linux / linux_kernel	4.15	4.19.159
linux / linux_kernel	4.20	5.4.79
linux / linux_kernel	5.5	5.9.10
debian / debian_linux	9.0	9.0.x

http://www.openwall.com/lists/oss-security/2020/11/05/2
http://www.openwall.com/lists/oss-security/2020/11/20/5
https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
https://security.netapp.com/advisory/ntap-20210702-0006/
https://www.openwall.com/lists/oss-security/2020/11/05/2,
https://www.openwall.com/lists/oss-security/2020/11/05/2%2C
https://www.openwall.com/lists/oss-security/2020/11/20/5,
https://www.openwall.com/lists/oss-security/2020/11/20/5%2C

Vulnerability Database

289,871

CVE-2020-25669