{"api_version":"1","generated_at":"2026-04-22T21:37:38+00:00","cve":"CVE-2020-27786","urls":{"html":"https://cve.report/CVE-2020-27786","api":"https://cve.report/api/cve/CVE-2020-27786.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-27786","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-27786"},"summary":{"title":"CVE-2020-27786","description":"A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-12-11 05:15:00","updated_at":"2023-05-16 10:49:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20210122-0002/","name":"https://security.netapp.com/advisory/ntap-20210122-0002/","refsource":"CONFIRM","tags":[],"title":"CVE-2020-27786 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900933","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1900933","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1900933 – (CVE-2020-27786) CVE-2020-27786 kernel: use-after-free in kernel midi subsystem","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/12/03/1","name":"[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1","refsource":"MLIST","tags":[],"title":"oss-security - Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-27786","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27786","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.7","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.7","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"enterprise_mrg","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_mrg","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"enterprise_mrg","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27786","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-27786","qid":"159185","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2021-1578)"},{"cve":"CVE-2020-27786","qid":"174806","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (SUSE-SU-2021:0835-1)"},{"cve":"CVE-2020-27786","qid":"174808","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (SUSE-SU-2021:0870-1)"},{"cve":"CVE-2020-27786","qid":"174810","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (SUSE-SU-2021:0853-1)"},{"cve":"CVE-2020-27786","qid":"174812","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (SUSE-SU-2021:0859-1)"},{"cve":"CVE-2020-27786","qid":"174813","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP5) (SUSE-SU-2021:0818-1)"},{"cve":"CVE-2020-27786","qid":"174818","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP5) (SUSE-SU-2021:0809-1)"},{"cve":"CVE-2020-27786","qid":"174819","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 18 for SLE 15) (SUSE-SU-2021:0868-1)"},{"cve":"CVE-2020-27786","qid":"239314","title":"Red Hat Update for kernel-rt (RHSA-2021:1739)"},{"cve":"CVE-2020-27786","qid":"239339","title":"Red Hat Update for kernel (RHSA-2021:1578)"},{"cve":"CVE-2020-27786","qid":"375284","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-1311)"},{"cve":"CVE-2020-27786","qid":"390233","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0005)"},{"cve":"CVE-2020-27786","qid":"610337","title":"Google Pixel Android May 2021 Security Patch Missing"},{"cve":"CVE-2020-27786","qid":"670185","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-1684)"},{"cve":"CVE-2020-27786","qid":"671703","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1735)"},{"cve":"CVE-2020-27786","qid":"750376","title":"OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)"},{"cve":"CVE-2020-27786","qid":"750428","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0075-1)"},{"cve":"CVE-2020-27786","qid":"750434","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0060-1)"},{"cve":"CVE-2020-27786","qid":"940354","title":"AlmaLinux Security Update for kernel (ALSA-2021:1578)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-27786","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"kernel 5.7-rc6"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"},{"refsource":"MLIST","name":"[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1","url":"http://www.openwall.com/lists/oss-security/2020/12/03/1"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1900933","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900933"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210122-0002/","url":"https://security.netapp.com/advisory/ntap-20210122-0002/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."}]}},"nvd":{"publishedDate":"2020-12-11 05:15:00","lastModifiedDate":"2023-05-16 10:49:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.224","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.224","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.14.181","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.124","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.42","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.6.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"27786","Ordinal":"189522","Title":"CVE-2020-27786","CVE":"CVE-2020-27786","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"27786","Ordinal":"1","NoteData":"A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"27786","Ordinal":"2","NoteData":"2020-12-10","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"27786","Ordinal":"3","NoteData":"2021-05-12","Type":"Other","Title":"Modified"}]}}}