QwikSec

Security Database

CVE

CWE

Training

CVE-2020-28974

Published: Nov 20, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804

x_refsource_MISC

https://seclists.org/oss-sec/2020/q4/104

x_refsource_MISC

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7

x_refsource_MISC

[oss-security] 20201124 Re: Linux kernel slab-out-of-bounds Read in fbcon

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20210108-0003/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.