CVE-2020-25669

CVE	CVE-2020-25669
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-26 12:15:00 UTC
Updated	2023-11-07 03:20:00 UTC
Description	A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.9.4	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Netapp	Solidfire Baseboard Management Controller	-	All	All	All
Application	Netapp	Solidfire Hci Management Node	-	All	All	All

Reference	Source	Link	Tags
[SECURITY] [DLA 2494-1] linux security update	MLIST	lists.debian.org
CVE-2020-25669 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
oss-security - CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit		www.openwall.com
oss-security - CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit	MISC	www.openwall.com
Input: sunkbd - avoid use-after-free in teardown paths · torvalds/linux@77e70d3 · GitHub	MISC	github.com
oss-security - CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit	MLIST	www.openwall.com
oss-security - Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit		www.openwall.com
oss-security - Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit	MISC	www.openwall.com
oss-security - Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit	MLIST	www.openwall.com
[SECURITY] [DLA 2483-1] linux-4.19 security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

198328 Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-4912-1)
670185 EulerOS Security Update for kernel (EulerOS-SA-2021-1684)
670269 EulerOS Security Update for kernel (EulerOS-SA-2021-1808)
670634 EulerOS Security Update for kernel (EulerOS-SA-2021-2392)
750376 OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)
750488 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:2260-1)
750518 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:2161-1)
750568 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:2034-1)