1. Home
  2. CVE Database
  3. CVE-2020-27825
MEDIUM · 5.7

CVE-2020-27825

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, ma...

Vulnerability Description

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
LinuxLinux Kernel5.10
RedhatEnterprise Linux7.0
RedhatEnterprise Mrg2.0
DebianDebian Linux9.0
NetappCloud Backup-
NetappSolidfire Baseboard Management Controller Firmware-
NetappSolidfire Baseboard Management Controller-
NetappH410C Firmware-
NetappH410C-

Related Weaknesses (CWE)

CWE-362

References

FAQ

What is CVE-2020-27825?

CVE-2020-27825 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, ma...

How severe is CVE-2020-27825?

CVE-2020-27825 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27825?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Mrg, Debian Debian Linux, Netapp Cloud Backup.