CVE-2020-27784 - OpenCVE

A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1
https://nvd.nist.gov/vuln/detail/CVE-2020-27784
https://www.cve.org/CVERecord?id=CVE-2020-27784

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-09-01T17:56:31

Updated: 2024-08-04T16:25:42.472Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27784

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-01T18:15:08.467

Modified: 2023-05-16T10:51:13.530

Link: CVE-2020-27784

Redhat

Severity : Moderate

Publid Date: 2020-06-05T00:00:00Z

Links: CVE-2020-27784 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "unknown"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free()."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "CWE-201", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T17:56:31", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27784", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free()."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-201"}]}]}, "references": {"reference_data": [{"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:42.472Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27784", "datePublished": "2022-09-01T17:56:31", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:42.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6562CC02-020B-4BA1-8B62-116EE3BF3D8D", "versionEndExcluding": "4.4.241", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "72EFD2ED-12E4-4AFD-B5BB-CB3293750BFB", "versionEndExcluding": "4.9.241", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B952E0D7-4D70-4BBE-A15B-3435430BA7EE", "versionEndExcluding": "4.19.154", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "647A7A2A-7AB0-4CD3-A6C8-4D3F52721743", "versionEndExcluding": "5.4.73", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECB8F088-C63B-40C8-B27B-86F62F62C3E8", "versionEndExcluding": "5.8.17", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA66D250-BE2A-4F96-B53E-CFBECEF46D83", "versionEndExcluding": "5.9.2", "versionStartIncluding": "5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free()."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el kernel de Linux, donde al acceder a una instancia desasignada en printer_ioctl() printer_ioctl() intenta acceder a una instancia de printer_dev. Sin embargo, es producido un uso de memoria previamente liberada porque hab\u00eda sido liberada por la funci\u00f3n gprinter_free()"}], "id": "CVE-2020-27784", "lastModified": "2023-05-16T10:51:13.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T18:15:08.467", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-201"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: deallocated instance in printer_ioctl() printer_ioctl() tries to access lock_printer_io of the printer_dev instance", "id": "1901728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901728"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-201->CWE-416", "details": ["A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().", "A flaw was found in the Linux kernel. This flaw allows a local user with permission to access a printer port and issue an ioctl, creating a use-after-free and corrupting memory or escalating privileges."], "name": "CVE-2020-27784", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-06-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27784\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27784"], "threat_severity": "Moderate", "upstream_fix": "Linux kernel 5.10"}