CVE-2020-27820 — MEDIUM (4.7)

Q: How severe is CVE-2020-27820?

CVE-2020-27820 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-27820?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Exposure Function, Oracle Communications Cloud Native Core Policy.

Vulnerability Description

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 5.4.162
Fedoraproject	Fedora	33
Oracle	Communications Cloud Native Core Binding Support Function	22.1.3
Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1
Oracle	Communications Cloud Native Core Policy	22.2.0

Related Weaknesses (CWE)

CWE-416

References

https://bugzilla.redhat.com/show_bug.cgi?id=1901726Issue TrackingPatchThird Party Advisory
https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/Mailing ListVendor Advisory
https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/Mailing ListVendor Advisory
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/Mailing ListVendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1901726Issue TrackingPatchThird Party Advisory
https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/Mailing ListVendor Advisory
https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/Mailing ListVendor Advisory
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/Mailing ListVendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory

FAQ

What is CVE-2020-27820?

CVE-2020-27820 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-of...

How severe is CVE-2020-27820?

CVE-2020-27820 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27820?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Exposure Function, Oracle Communications Cloud Native Core Policy.