#VU64793 Buffer Over-read in Linux kernel - CVE-2020-28915
Published: June 29, 2022 / Updated: July 20, 2022
Vulnerability identifier: #VU64793
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-28915
CWE-ID: CWE-126
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user with physical access to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.
Remediation
Install updates from vendor's website.
External links
- https://bugzilla.suse.com/show_bug.cgi?id=1178886
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af08640795b2b9a940c9266c0260455377ae262
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16
- https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd