UBUNTU-CVE-2020-9391
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 25 Feb 2020, 18:15
Last modified:24 Oct 2025, 04:48
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Feb 2020, 18:15
Published
Vulnerability first disclosed
24 Oct 2025, 04:48
Last Modified
Vulnerability information updated
Description
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- ubuntu•linux-azure-edge
all
- ubuntu•linux-gcp-edge
all
- ubuntu•linux-hwe-edge
all | all
- ubuntu•linux-raspi2
all
References (6)
- https://ubuntu.com/security/CVE-2020-9391
- https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
- http://www.openwall.com/lists/oss-security/2020/02/25/6
- https://bugzilla.redhat.com/show_bug.cgi?id=1797052
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a
- https://www.cve.org/CVERecord?id=CVE-2020-9391