1. Home
  2. Vulnerabilities
  3. CVE-2020-27786

CVE-2020-27786

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.04 % (10th)
0.04% Progress
Affected Products 6
Advisories 31
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-12-11 05:15:12
(3 years ago)
Updated Date
2023-05-16 10:49:08
(16 months ago)

Affected Products

Linux

Netapp

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 4.4.224 version cpe:2.3:o:linux:linux_kernel < 4.4.224
  Linux Kernel from 4.5 version and prior 4.9.224 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.224
  Linux Kernel from 4.10 version and prior 4.14.181 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.181
  Linux Kernel from 4.15 version and prior 4.19.124 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.124
  Linux Kernel from 4.20 version and prior 5.4.42 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.42
  Linux Kernel from 5.5 version and prior 5.6.14 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.6.14

Configuration #2

    CPE23 From Up To
  Redhat Openshift Container Platform 4.4 cpe:2.3:a:redhat:openshift_container_platform:4.4
  Redhat Openshift Container Platform 4.5 cpe:2.3:a:redhat:openshift_container_platform:4.5
  Redhat Openshift Container Platform 4.6 cpe:2.3:a:redhat:openshift_container_platform:4.6
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Mrg 2.0 cpe:2.3:o:redhat:enterprise_mrg:2.0

Configuration #3

    CPE23 From Up To
  Netapp Cloud Backup cpe:2.3:a:netapp:cloud_backup:-
  Netapp Solidfire Baseboard Management Controller cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-