Lucene search

K

GoogleOSV:CVE-2020-9391

HistoryFeb 25, 2020 - 6:15 p.m.

CVE-2020-9391

2020-02-2518:15:11

Google

osv.dev

11

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.6%

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.

CPENameOperatorVersion
linuxeq5.19-rc2
linuxeq5.19-rc7
linuxeq5.9-rc1
linuxeq6.1-rc6
linuxeq5.11-rc4
linuxeq6.2-rc2
linuxeq5.17-rc3
linuxeq5.9-rc8
linuxeq6.6-rc6
linuxeq6.7-rc2

Rows per page:

1-10 of 1791

References

www.openwall.com/lists/oss-security/2020/02/25/6

bugzilla.redhat.com/show_bug.cgi?id=1797052

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4LH35HOPBJIKYHYFXMBBM75DN75PZHZ/

security.netapp.com/advisory/ntap-20200313-0003/

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.6%

Related for OSV:CVE-2020-9391

ubuntucve1 nessus3 fedora3 nvd1 prion1 openvas5 debiancve1 redhatcve1 cvelist1 cve1 oraclelinux1 mageia2