Main Vulnerability Database SB2020120318

SB2020120318 - Use after free in Linux kernel fs

Published: December 3, 2020

Security Bulletin ID SB2020120318

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use after free (CVE-ID: CVE-2020-14381)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to use after free error within the get_futex_key_refs(), drop_futex_key_refs() and futex_setup_timer() functions in kernel/futex.c, within the inode_init_always() function in fs/inode.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1874311
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254