CVE-2020-27820 Information

Description

A vulnerability was found in Linux kernel where a use-after-frees in nouveau’s postclose() handler could happen if removing device (that is not common to remove video card physically without power-off but same happens if �nbind\ the driver).

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/ https://bugzilla.redhat.com/show_bug.cgi?id=1901726 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/ https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

4.7