CVE-2020-27068medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-119770583
References
https://source.android.com/security/bulletin/pixel/2020-12-01
Details
Source: MITRE
Published: 2020-12-15
Updated: 2020-12-17
Type: CWE-125
Risk Information
CVSS v2
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3
Base Score: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 0.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153221 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0030) | Nessus | OracleVM Local Security Checks | medium |
| 153172 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9442) | Nessus | Oracle Linux Local Security Checks | medium |
| 150536 | SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1) | Nessus | SuSE Local Security Checks | high |
| 147690 | EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642) | Nessus | Huawei Local Security Checks | high |
| 147588 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386) | Nessus | Huawei Local Security Checks | high |
| 147512 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604) | Nessus | Huawei Local Security Checks | high |
| 146511 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1) | Nessus | SuSE Local Security Checks | high |
| 146476 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1) | Nessus | SuSE Local Security Checks | high |
| 146474 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1) | Nessus | SuSE Local Security Checks | high |
| 146470 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1) | Nessus | SuSE Local Security Checks | high |
| 146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
| 145726 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148) | Nessus | Huawei Local Security Checks | medium |
| 145320 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-60) | Nessus | SuSE Local Security Checks | medium |
| 145287 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-75) | Nessus | SuSE Local Security Checks | medium |
| 145120 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1) | Nessus | SuSE Local Security Checks | medium |
| 145025 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1) | Nessus | SuSE Local Security Checks | medium |
| 145018 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1) | Nessus | SuSE Local Security Checks | medium |
| 144959 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1) | Nessus | SuSE Local Security Checks | medium |
| 144914 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1) | Nessus | SuSE Local Security Checks | high |
| 144908 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1) | Nessus | SuSE Local Security Checks | medium |
| 144693 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1028) | Nessus | Huawei Local Security Checks | high |
| 144687 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1009) | Nessus | Huawei Local Security Checks | high |