Vulnerability CVE-2021-20292

Vulnerability Name:

CVE-2021-20292 (CCN-202706)

Assigned:

2020-12-17

Published:

2021-04-13

Updated:

2023-07-28

Summary:

CVSS v3 Severity:

6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-20292

Source: CCN
Type: Red Hat Bugzilla - Bug 1939686
(CVE-2021-20292) - CVE-2021-20292 kernel: DRM Memory Management Double Free Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve202120292-priv-esc(202706)

Source: CCN
Type: Linux Kernel GIT Repository
drm/ttm/nouveau: don't call tt destroy callback on alloc failure

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-20292

Vulnerable Configuration:

Configuration CCN 1:

cpe:/o:linux:linux_kernel:5.8:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:531	P	Security update for the Linux Kernel (Important)	2022-06-17
oval:org.opensuse.security:def:125369	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:125732	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:126898	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:125112	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:127295	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:4604	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1760	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:890	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:481	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6039	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:42381	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1559	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:4734	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1803	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1168	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6331	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:42383	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1596	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:5241	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:42282	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1234	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:4295	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1750	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:42284	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1350	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6034	P	Security update for the Linux Kernel (Important)	2022-05-12

BACK