CVE-2020-27418

Public on 2023-08-22
Modified on 2024-03-01
Description

A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.

Severity
Medium
See what this means
CVSS v3 Base Score
5.9
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2020-04-23 ALAS-2020-1360
Amazon Linux 2 - Core kernel 2020-03-23 ALAS2-2020-1405
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-01-28 ALAS2KERNEL-5.4-2022-011

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
NVD CVSSv3 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2020-27418 Mitre: CVE-2020-27418