Vulnerabilities > CVE-2020-27835 - Use After Free vulnerability in Linux Infiniband Hfi1 Driver 5.10

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

linux

CWE-416

NVD

Published: 2021-01-07

Updated: 2021-01-14

Summary

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

Vulnerable Configurations

Part	Description	Count
Application	Linux Linux Infiniband Hfi1 Driver * Linux Infiniband Hfi1 Driver 5.10	6

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://bugzilla.redhat.com/show_bug.cgi?id=1901709