CVE-2020-9391

CVSS v3.1 5.5 (Medium)
CVSS v2.0 2.1 (Low)
EPSS 0.06 % (28th)
Affected Products 10
Advisories 2

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.

Weaknesses
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-02-25 18:15:11
(4 years ago)
Updated Date
2023-11-07 03:26:51
(10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Linux Kernel 5.5 through 5.5.6 cpe:2.3:o:linux:linux_kernel >= 5.5 <= 5.5.6
  Linux Kernel 5.4 cpe:2.3:o:linux:linux_kernel:5.4

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31

Configuration #3

    CPE23 From Up To
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp Cloud Backup cpe:2.3:a:netapp:cloud_backup:-
  Netapp Data Availability Services cpe:2.3:a:netapp:data_availability_services:-
  Netapp Hci Management Node cpe:2.3:a:netapp:hci_management_node:-
  Netapp Solidfire cpe:2.3:a:netapp:solidfire:-
  Netapp Steelstore Cloud Integrated Storage cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp H410c Firmware cpe:2.3:o:netapp:h410c_firmware:-
OR  
  Running on/with
  Netapp H410c cpe:2.3:h:netapp:h410c:-