CVE-2020-9391
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 25 Feb 2020, 17:55
Last modified: 04 Aug 2024, 10:26
Vulnerability Summary
Overall Risk (default): medium (32/100)
CVSS Score: 5.5 MEDIUM, v3.1 (nvd)
EPSS Score: 0.16% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: 2 found
Dark Web: Not detected
Timeline
- 25 Feb 2020, 17:55•Published•Vulnerability first disclosed
- 04 Aug 2024, 10:26•Last Modified•Vulnerability information updated
Description
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5•CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•LOW•Score: 2.1•AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.16% • Percentile: 37%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- fedoraproject•fedora: 31
- linux•linux_kernel: ≥ 5.5, ≤ 5.5.6 | 5.4
- netapp•active_iq_unified_manager: na
- netapp•cloud_backup: na
- netapp•data_availability_services: na
- netapp•h410c_firmware: na
- netapp•hci_management_node: na
- netapp•solidfire: na
- netapp•steelstore_cloud_integrated_storage: na
References (5)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a
- https://bugzilla.redhat.com/show_bug.cgi?id=1797052
- http://www.openwall.com/lists/oss-security/2020/02/25/6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4LH35HOPBJIKYHYFXMBBM75DN75PZHZ/
- https://security.netapp.com/advisory/ntap-20200313-0003/