CVE-2020-27786

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

History

16 May 2023, 10:49

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:5.7:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

02 Feb 2023, 22:23

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210122-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210122-0002/ - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2020/12/03/1 - (MLIST) http://www.openwall.com/lists/oss-security/2020/12/03/1 - Mailing List
First Time Netapp
Netapp cloud Backup
Netapp solidfire Baseboard Management Controller
CPE cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

12 May 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2020/12/03/1 -
Summary A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation. A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

26 Jan 2021, 18:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210122-0002/ -

Information

Published : 2020-12-11 05:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-27786

Mitre link : CVE-2020-27786

CVE.ORG link : CVE-2020-27786


JSON object : View

Products Affected

redhat

  • enterprise_mrg
  • enterprise_linux
  • openshift_container_platform

netapp

  • cloud_backup
  • solidfire_baseboard_management_controller

linux

  • linux_kernel
CWE
CWE-416

Use After Free