CVE-2020-27820medium
Description
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
References
https://lore.kernel.org/dri-devel/[email protected]/
https://bugzilla.redhat.com/show_bug.cgi?id=1901726
https://lore.kernel.org/dri-devel/[email protected]/
https://lore.kernel.org/dri-devel/[email protected]/
https://www.oracle.com/security-alerts/cpujul2022.html
https://access.redhat.com/errata/RHSA-2022:1988
https://access.redhat.com/errata/RHSA-2022:1975
https://access.redhat.com/security/cve/CVE-2020-27820
https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/
Details
Source: MITRE
Published: 2021-11-03
Updated: 2023-02-02
Type: CWE-416
Risk Information
CVSS v2
Base Score: 4.7
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.4
Severity: MEDIUM
CVSS v3
Base Score: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1
Severity: MEDIUM