QwikSec

Security Database

CVE

CWE

Training

CVE-2020-27786

Published: Dec 11, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vendor	Product	Versions
n/a	kernel	affected `kernel 5.7-rc6`

Weaknesses (CWE)

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d

x_refsource_MISC

[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1900933

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210122-0002/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.