Main Vulnerability Database Vulnerabilities #VU46586

Use-after-free in Linux kernel - CVE-2020-10720

Published: September 3, 2020 / Updated: September 18, 2020

Vulnerability identifier: #VU46586

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-10720

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.

Remediation

Install update from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=1781204
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4270d6795b0580287453ea55974d948393e66ef

Use-after-free in Linux kernel - CVE-2020-10720

Description

Remediation

External links

Please verify you're human