{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "kernel versions prior to 5.10-rc6"}]}], "descriptions": [{"lang": "en", "value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-07T17:24:30", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "kernel versions prior to 5.10-rc6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.607Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27835", "datePublished": "2021-01-07T17:24:30", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:43.607Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux:infiniband_hfi1_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "99E5D6FB-5CEF-430C-81AC-928A9A01B9C6", "versionEndIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux:infiniband_hfi1_driver:5.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "FE97FE96-B356-40E7-B12D-8BAADB9EBB33", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux:infiniband_hfi1_driver:5.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "8D3FC0AE-D981-49AD-8D9E-BEE39489D8B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux:infiniband_hfi1_driver:5.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "BCFE51EF-E796-44C1-8A4C-3248AD5EC5B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux:infiniband_hfi1_driver:5.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "84989273-E8E5-4296-BC4A-BB543F70FA81", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux:infiniband_hfi1_driver:5.10:rc5:*:*:*:*:*:*", "matchCriteriaId": "5798EA92-2CF5-4BE2-8904-261085662EB5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."}, {"lang": "es", "value": "Se encontr\u00f3 un uso de la memoria previamente liberada en el controlador infiniband hfi1 del kernel de Linux en versiones anteriores a 5.10-rc6, en la manera en que el usuario llama una Ioctl despu\u00e9s de abrir el archivo dev y la rama. Un usuario local podr\u00eda usar este fallo para bloquear el sistema"}], "id": "CVE-2020-27835", "lastModified": "2024-11-21T05:21:54.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-07T18:15:13.137", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1739", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-305.rt7.72.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1578", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-305.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "kernel: child process is able to access parent mm through hfi dev file handle", "id": "1901709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.", "A flaw use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the module hfi1 from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to denylist a kernel module to prevent it from loading automatically."}, "name": "CVE-2020-27835", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-11-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27835\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27835"], "statement": "This flaw is rated as having a Moderate impact because the issue can only be triggered by an authorized local user with access to a system with specific hardware present.", "threat_severity": "Moderate"}

{}