CVE-2020-28915 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2020-28915

CVE-2020-28915

November 18, 2020

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

Related Resources (8)

https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd

https://security-tracker.debian.org/tracker/CVE-2020-28915

https://bugzilla.suse.com/show_bug.cgi?id=1178886

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af08640795b2b9a940c9266c0260455377ae262

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15

https://access.redhat.com/security/cve/CVE-2020-28915

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16

https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28915

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

6.1

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

EPSS

Base Score:

0.12

Products

Solutions

Resources

Company

Compare

Developer Tools