CVE-2020-27820

CVSS v3.1 4.7 (Medium)

CVSS v2.0 4.7 (Medium)

EPSS 0.04 % (17^th)

Affected Products 5

Advisories 23

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-11-03 00:15:07
(2 years ago)
Updated Date: 2024-01-30 20:48:01
(7 months ago)

Affected Products

Fedoraproject

Fedora

Linux

Linux Kernel

Oracle

Configuration #1

	CPE23	From	Up To
Linux Kernel above 2.6.12 version and prior 5.4.162 version	cpe:2.3:o:linux:linux_kernel	> 2.6.12	< 5.4.162
Linux Kernel above 5.5 version and prior 5.10.82 version	cpe:2.3:o:linux:linux_kernel	> 5.5	< 5.10.82
Linux Kernel above 5.11 version and prior 5.15.5 version	cpe:2.3:o:linux:linux_kernel	> 5.11	< 5.15.5
Linux Kernel 2.6.12	cpe:2.3:o:linux:linux_kernel:2.6.12:-
Linux Kernel 2.6.12 Rc2	cpe:2.3:o:linux:linux_kernel:2.6.12:rc2
Linux Kernel 2.6.12 Rc3	cpe:2.3:o:linux:linux_kernel:2.6.12:rc3
Linux Kernel 2.6.12 Rc4	cpe:2.3:o:linux:linux_kernel:2.6.12:rc4
Linux Kernel 2.6.12 Rc5	cpe:2.3:o:linux:linux_kernel:2.6.12:rc5
Linux Kernel 2.6.12 Rc6	cpe:2.3:o:linux:linux_kernel:2.6.12:rc6

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33

Configuration #3

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Binding Support Function 22.1.3	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
	Oracle Communications Cloud Native Core Network Exposure Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
	Oracle Communications Cloud Native Core Policy 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0