Vulnerabilities > CVE-2020-27820 - Use After Free vulnerability in multiple products
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1901726
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/