Lucene search

K
cve[email protected]CVE-2020-28915
HistoryNov 18, 2020 - 8:15 a.m.

CVE-2020-28915

2020-11-1808:15:12
CWE-125
web.nvd.nist.gov
172
cve-2020-28915
buffer over-read
framebuffer layer
fbcon code
linux kernel
local attackers
read kernel memory
cid-6735b4632def
nvd

6.1 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

5.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

Affected configurations

NVD
Node
linuxlinux_kernelRange<5.8.15

6.1 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

5.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%