Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9816 vulnerabilities reference this CWE, most recent first.

CVE-2020-35506 (GCVE-0-2020-35506)

Vulnerability from cvelistv5 – Published: 2021-05-28 10:20 – Updated: 2024-08-04 17:02
VLAI
Summary
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: qemu 6.0.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20210416 QEMU: ESP security fixes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
          },
          {
            "name": "GLSA-202208-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-27"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "qemu 6.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the \u0027Information Transfer\u0027 command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-14T18:14:11.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20210416 QEMU: ESP security fixes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
        },
        {
          "name": "GLSA-202208-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QEMU",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "qemu 6.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the \u0027Information Transfer\u0027 command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20210416 QEMU: ESP security fixes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/04/16/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210713-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
            },
            {
              "name": "GLSA-202208-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35506",
    "datePublished": "2021-05-28T10:20:55.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:02:08.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-28594 (GCVE-0-2020-28594)

Vulnerability from cvelistv5 – Published: 2021-08-17 19:15 – Updated: 2024-08-04 16:40
VLAI
Summary
A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Prusa Research Affected: Prusa Research PrusaSlicer 2.2.0 , Prusa Research PrusaSlicer Master (commit 4b040b856)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Prusa Research",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prusa Research PrusaSlicer 2.2.0 , Prusa Research PrusaSlicer Master (commit 4b040b856)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-17T19:15:53.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-28594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Prusa Research",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prusa Research PrusaSlicer 2.2.0 , Prusa Research PrusaSlicer Master (commit 4b040b856)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.8,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-28594",
    "datePublished": "2021-08-17T19:15:53.000Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:40:59.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27835 (GCVE-0-2020-27835)

Vulnerability from cvelistv5 – Published: 2021-01-07 17:24 – Updated: 2024-08-04 16:25
VLAI
Summary
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a kernel Affected: kernel versions prior to 5.10-rc6
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel versions prior to 5.10-rc6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:24:30.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel versions prior to 5.10-rc6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27835",
    "datePublished": "2021-01-07T17:24:30.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:25:43.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27820 (GCVE-0-2020-27820)

Vulnerability from cvelistv5 – Published: 2021-11-02 23:26 – Updated: 2024-08-04 16:25
VLAI
Summary
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a kernel Affected: to be fixed in RHEL-9 release
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "to be fixed in RHEL-9 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linux kernel, where a use-after-frees in nouveau\u0027s postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if \"unbind\" the driver)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:16:46.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27820",
    "datePublished": "2021-11-02T23:26:20.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:25:43.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27786 (GCVE-0-2020-27786)

Vulnerability from cvelistv5 – Published: 2020-12-11 04:05 – Updated: 2024-08-04 16:25
VLAI
Summary
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a kernel Affected: kernel 5.7-rc6
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
          },
          {
            "name": "[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.7-rc6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u2019s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-12T14:31:27.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
        },
        {
          "name": "[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 5.7-rc6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the Linux kernel\u2019s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
            },
            {
              "name": "[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27786",
    "datePublished": "2020-12-11T04:05:29.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:25:43.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27280 (GCVE-0-2020-27280)

Vulnerability from cvelistv5 – Published: 2021-01-26 12:51 – Updated: 2024-08-04 16:11
VLAI
Summary
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a ISPSoft Affected: v3.12 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISPSoft",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v3.12 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "USE AFTER FREE CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-26T12:51:33.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISPSoft",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v3.12 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE AFTER FREE CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27280",
    "datePublished": "2021-01-26T12:51:33.000Z",
    "dateReserved": "2020-10-19T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:11:36.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27267 (GCVE-0-2020-27267)

Vulnerability from cvelistv5 – Published: 2021-01-13 23:25 – Updated: 2024-08-04 16:11
VLAI
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a PTC Kepware KEPServerEX Affected: v6.0 to v6.9
n/a ThingWorx Kepware Server Affected: v6.8 and v6.9
n/a ThingWorx Industrial Connectivity Affected: All versions
n/a OPC-Aggregator Affected: All versions
n/a Rockwell Automation KEPServer Enterprise Affected: All versions
n/a GE Digital Industrial Gateway Server Affected: v7.68.804
Affected: v7.66
n/a Software Toolbox TOP Server Affected: All 6.x versions
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PTC Kepware KEPServerEX",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v6.0 to v6.9"
            }
          ]
        },
        {
          "product": "ThingWorx Kepware Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v6.8 and v6.9"
            }
          ]
        },
        {
          "product": "ThingWorx Industrial Connectivity",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "OPC-Aggregator",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Rockwell Automation KEPServer Enterprise",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "GE Digital Industrial Gateway Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v7.68.804"
            },
            {
              "status": "affected",
              "version": "v7.66"
            }
          ]
        },
        {
          "product": "Software Toolbox TOP Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All 6.x versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "USE AFTER FREE CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-13T23:25:07.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PTC Kepware KEPServerEX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v6.0 to v6.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ThingWorx Kepware Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v6.8 and v6.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ThingWorx Industrial Connectivity",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OPC-Aggregator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rockwell Automation KEPServer Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GE Digital Industrial Gateway Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v7.68.804"
                          },
                          {
                            "version_value": "v7.66"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Software Toolbox TOP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All 6.x versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE AFTER FREE CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27267",
    "datePublished": "2021-01-13T23:25:07.000Z",
    "dateReserved": "2020-10-19T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:11:36.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25725 (GCVE-0-2020-25725)

Vulnerability from cvelistv5 – Published: 2020-11-21 05:29 – Updated: 2024-08-04 15:40
VLAI
Summary
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
CWE
Assigner
References
Impacted products
Vendor Product Version
Glyph & Cog xpdf Affected: 4.02
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41915"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725"
          },
          {
            "name": "FEDORA-2021-4a437fe032",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
          },
          {
            "name": "FEDORA-2021-013d9a30e0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xpdf",
          "vendor": "Glyph \u0026 Cog",
          "versions": [
            {
              "status": "affected",
              "version": "4.02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack-\u003ecache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn\u0027t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T03:06:08.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41915"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725"
        },
        {
          "name": "FEDORA-2021-4a437fe032",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/"
        },
        {
          "name": "FEDORA-2021-013d9a30e0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25725",
    "datePublished": "2020-11-21T05:29:54.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25671 (GCVE-0-2020-25671)

Vulnerability from cvelistv5 – Published: 2021-05-26 10:44 – Updated: 2024-08-04 15:40
VLAI
Summary
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Linux Kernel Affected: All
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
          },
          {
            "name": "FEDORA-2021-1c170a7c7c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
          },
          {
            "name": "FEDORA-2021-21360476b6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
          },
          {
            "name": "FEDORA-2021-d56567bdab",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210702-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T11:06:13.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
        },
        {
          "name": "FEDORA-2021-1c170a7c7c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
        },
        {
          "name": "FEDORA-2021-21360476b6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
        },
        {
          "name": "FEDORA-2021-d56567bdab",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210702-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25671",
    "datePublished": "2021-05-26T10:44:17.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25670 (GCVE-0-2020-25670)

Vulnerability from cvelistv5 – Published: 2021-05-26 10:28 – Updated: 2024-08-04 15:40
VLAI
Summary
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Linux Kernel Affected: All
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
          },
          {
            "name": "FEDORA-2021-1c170a7c7c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
          },
          {
            "name": "FEDORA-2021-21360476b6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
          },
          {
            "name": "FEDORA-2021-d56567bdab",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
          },
          {
            "name": "[oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/11/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210702-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T11:06:10.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
        },
        {
          "name": "FEDORA-2021-1c170a7c7c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
        },
        {
          "name": "FEDORA-2021-21360476b6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
        },
        {
          "name": "FEDORA-2021-d56567bdab",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
        },
        {
          "name": "[oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/11/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210702-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25670",
    "datePublished": "2021-05-26T10:28:52.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.