CVE-2020-25639
Advisory lineage Upstream: 0 Downstream: 21
Modified
Published: 04 Mar 2021, 21:56
Last modified:04 Aug 2024, 15:40
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
4.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.12% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
04 Mar 2021, 21:56
Published
Vulnerability first disclosed
04 Aug 2024, 15:40
Last Modified
Vulnerability information updated
Description
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.12%• Percentile: 31%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- fedoraproject•fedora
32 | 33
- linux•linux_kernel
≤ 5.11.2
- redhat•enterprise_linux
5.0 | 6.0 | 7.0 | 8.0
- redhat•messaging_realtime_grid
2.0
- redhat•openshift_container_platform
4.4 | 4.5 | 4.6
References (3)
- https://bugzilla.redhat.com/show_bug.cgi?id=1876995
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5/