
CVE-2020-28974

Type: Out-of-bounds Read
Severity: Medium
Publication date: 11/20/2020
Last modified: 01/08/2021
Description
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
Impact
Access Vector: Local
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: No impact on system integrity + Partial impact on system confidentiality + Total compromise of system availability
Vulnerable software and versions
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*