CVE-2020-14351

high

Description

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1862849

https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html

https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html

Details

Source: MITRE

Published: 2020-12-03

Updated: 2021-11-04

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH