Vulnerability Name: CVE-2020-28941 (CCN-192042)

Assigned: 2020-11-19
Published: 2020-11-19
Updated: 2022-10-19
Summary: An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
CVSS v3 Severity:
5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): High

CVSS v2 Severity:
4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Complete

Vulnerability Type: CWE-763
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2020-28941

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20201119 Re: Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close

Source: XF
Type: UNKNOWN
linux-kernel-cve202028941-dos(192042)

Source: MISC
Type: Patch, Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1

Source: MISC
Type: Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-8c15928d23

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-4700a73bd5

Source: CCN
Type: oss-sec Mailing List, Thu, 19 Nov 2020 10:46:59 +0800
Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close

Source: CCN
Type: oss-sec Mailing List, Thu, 19 Nov 2020 17:25:08 +0100
Re: Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close

Source: CCN
Type: Linux Kernel Web site
The Linux Kernel Archives

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/11/19/3

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-28941

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 5.9.9)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:4.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:4.20:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.1:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.2:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.5:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.6.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.8:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.9:rc1:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8029 | P | kernel-docs-5.14.21-150500.53.2 on GA media (Moderate) | 2023-06-20
oval:org.opensuse.security:def:8090 | P | reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7562 | P | libXinerama-devel-1.1.3-1.22 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7701 | P | libxkbcommon-devel-1.3.0-150400.1.13 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7539 | P | kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:665 | P | Security update for samba (Moderate) | 2022-08-03
oval:org.opensuse.security:def:94470 | P | (Important) | 2022-07-14
oval:org.opensuse.security:def:3448 | P | busybox-1.21.1-3.3 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3453 | P | clamav-0.101.3-1.19 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3358 | P | rtkit-0.11_git201205151338-8.14 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3567 | P | libXtst6-1.2.2-7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3398 | P | wpa_supplicant-2.6-15.10.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94590 | P | kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94870 | P | buildah-1.23.1-150400.1.17 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95197 | P | kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95028 | P | kernel-docs-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95151 | P | rsyslog-module-gssapi-8.2106.0-150400.3.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95078 | P | reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:2960 | P | kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95156 | P | spice-gtk-devel-0.39-150400.2.13 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95083 | P | kernel-azure-5.14.21-150400.12.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:89 | P | kernel-64kb-5.3.18-57.3 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:101583 | P | Security update for libsolv, libzypp, zypper (Important) | 2022-04-12
oval:org.opensuse.security:def:102280 | P | Security update for php7 (Moderate) | 2022-03-03
oval:org.opensuse.security:def:101864 | P | Security update for netcdf (Important) | 2021-12-02
oval:org.opensuse.security:def:102335 | P | Security update for the Linux Kernel (Important) | 2021-10-12
oval:org.opensuse.security:def:96739 | P | patch-2.7.6-3.5 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96750 | P | procmail-3.22-2.34 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:63125 | P | kernel-azure-5.3.18-36.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2013 | P | reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2036 | P | kernel-azure-5.3.18-36.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63102 | P | reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62107 | P | kernel-64kb-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:63019 | P | kernel-docs-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100865 | P | kernel-64kb-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71848 | P | kernel-64kb-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1018 | P | kernel-64kb-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101183 | P | libcairo2-32bit-1.16.0-1.55 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101277 | P | kernel-docs-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72738 | P | kernel-docs-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1930 | P | kernel-docs-5.3.18-57.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:4461 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important) | 2021-07-27
oval:org.opensuse.security:def:101869 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-06-17
oval:org.opensuse.security:def:111206 | P | Security update for RT kernel (Moderate) | 2021-02-05
oval:org.opensuse.security:def:97173 | P | Recommended update for RT kernel (Low) | 2021-02-04
oval:org.opensuse.security:def:110918 | P | Security update for the Linux Kernel (Important) | 2020-12-15
oval:org.opensuse.security:def:68790 | P | Security update for the Linux Kernel (Important) | 2020-12-11
oval:org.opensuse.security:def:102666 | P | Security update for the Linux Kernel (Important) | 2020-12-11
oval:org.opensuse.security:def:109332 | P | Security update for the Linux Kernel (Important) | 2020-12-11
oval:org.opensuse.security:def:95953 | P | Security update for the Linux Kernel (Important) | 2020-12-11
oval:org.opensuse.security:def:118423 | P | Security update for the Linux Kernel (Important) | 2020-12-11
oval:org.opensuse.security:def:95567 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:117870 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:109518 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:108249 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:73569 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:7056 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:96162 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:118614 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:109001 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:66697 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:102965 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:10631 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:95622 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:117924 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:109631 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:64447 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:74618 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:96293 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:119771 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:117364 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:67529 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:5608 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:70771 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:108535 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:65550 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:117763 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:68145 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:107849 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:6440 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:108946 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:75765 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:102852 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:8352 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:68651 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:5603 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:108530 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:102607 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:109273 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:95894 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:118359 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:75760 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:66692 | P | Security update for the Linux Kernel (Important) | 2020-12-08
oval:org.opensuse.security:def:110901 | P | Security update for the Linux Kernel (Important) | 2020-12-04
    linux linux kernel *
    fedoraproject fedora 32
    fedoraproject fedora 33
    debian debian linux 9.0
    linux linux kernel 4.19
    linux linux kernel 4.20
    linux linux kernel 5.0
    linux linux kernel 5.1
    linux linux kernel 5.2
    linux linux kernel 5.3
    linux linux kernel 5.4
    linux linux kernel 5.5
    linux linux kernel 5.6.0
    linux linux kernel 5.8.0 -
    linux linux kernel 5.9 rc1