Vulnerability Description
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.8.17 |
| Redhat | Enterprise Linux | 7.0 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1862849Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.htmlMailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1862849Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-14351?
CVE-2020-14351 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escal...
How severe is CVE-2020-14351?
CVE-2020-14351 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14351?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Debian Debian Linux.