{"api_version":"1","generated_at":"2026-04-23T00:39:47+00:00","cve":"CVE-2020-14351","urls":{"html":"https://cve.report/CVE-2020-14351","api":"https://cve.report/api/cve/CVE-2020-14351.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14351","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14351"},"summary":{"title":"CVE-2020-14351","description":"A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-12-03 17:15:00","updated_at":"2021-11-04 17:05:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1862849","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1862849","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1862849 – (CVE-2020-14351) CVE-2020-14351 kernel: performance counters race condition use-after-free","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html","name":"[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2494-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html","name":"[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2483-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14351","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14351","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14351","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14351","qid":"198328","title":"Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-4912-1)"},{"cve":"CVE-2020-14351","qid":"239151","title":"Red Hat Update for kernel (RHSA-2021:0856)"},{"cve":"CVE-2020-14351","qid":"239182","title":"Red Hat Update for kernel (RHSA-2021:1028)"},{"cve":"CVE-2020-14351","qid":"239456","title":"Red Hat Update for kernel-rt (RHSA-2021:0774)"},{"cve":"CVE-2020-14351","qid":"257070","title":"CentOS Security Update for kernel (CESA-2021:0856)"},{"cve":"CVE-2020-14351","qid":"353100","title":"Amazon Linux Security Advisory for kernel : ALAC2012-2021-024"},{"cve":"CVE-2020-14351","qid":"353101","title":"Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-025"},{"cve":"CVE-2020-14351","qid":"353102","title":"Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-026"},{"cve":"CVE-2020-14351","qid":"353133","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-018"},{"cve":"CVE-2020-14351","qid":"375284","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-1311)"},{"cve":"CVE-2020-14351","qid":"377038","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2020:0198)"},{"cve":"CVE-2020-14351","qid":"390217","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Unbreakable Enterprise kernel (OVMSA-2021-0001)"},{"cve":"CVE-2020-14351","qid":"390234","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0001)"},{"cve":"CVE-2020-14351","qid":"6140044","title":"AWS Bottlerocket Security Update for kernel (GHSA-g44w-2vcw-48f7)"},{"cve":"CVE-2020-14351","qid":"750376","title":"OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)"},{"cve":"CVE-2020-14351","qid":"750533","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:2112-1)"},{"cve":"CVE-2020-14351","qid":"750609","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:1906-1)"},{"cve":"CVE-2020-14351","qid":"750738","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3326-1)"},{"cve":"CVE-2020-14351","qid":"900040","title":"CBL-Mariner Linux Security Update for kernel 5.4.91"},{"cve":"CVE-2020-14351","qid":"902927","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3651)"},{"cve":"CVE-2020-14351","qid":"905917","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3651-1)"},{"cve":"CVE-2020-14351","qid":"940408","title":"AlmaLinux Security Update for kernel (ALSA-2021:0558)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14351","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"kernel 5.8.17"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1862849","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1862849"},{"refsource":"MLIST","name":"[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2020-12-03 17:15:00","lastModifiedDate":"2021-11-04 17:05:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.8.17","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14351","Ordinal":"175581","Title":"CVE-2020-14351","CVE":"CVE-2020-14351","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14351","Ordinal":"1","NoteData":"A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14351","Ordinal":"2","NoteData":"2020-12-03","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14351","Ordinal":"3","NoteData":"2020-12-18","Type":"Other","Title":"Modified"}]}}}