redhatcve | Redhat.com | RH:CVE-2020-14351
History: Nov 10, 2020 - 2:59 a.m.

CVE-2020-14351

redhat.com
access.redhat.com

EPSS: 0.001 (Low), percentile 39.1%

A use-after-free flaw was found in the perf subsystem of the Linux kernel. A local attacker with permission to monitor perf events could corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Mitigation

While there is no way to disable the perf subsystem on Linux systems, reducing or removing users' access to perf events can effectively mitigate this flaw. The upstream kernel documentation describes this mechanism: <https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html>.
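
The following audit script is an added example, not part of the Red Hat advisory. It reports how much perf_events access unprivileged users currently have and whether a persisted sysctl setting would loosen it at the next boot. It assumes the kernel.perf_event_paranoid sysctl covered by the linked kernel documentation; the function names and the default minimum level of 2 are hypothetical choices, to be set by local policy.

```shell
#!/bin/sh
# Added example (not from the advisory): audit how much perf_events access
# unprivileged users have. Paths are parameters so it can run on test files.

# Map a kernel.perf_event_paranoid value to the scope the kernel docs describe
# (upstream treats every value >= 2 alike).
perf_scope() {
    case "${1#-}" in ''|*[!0-9]*) echo "unknown"; return 2 ;; esac
    if   [ "$1" -lt 0 ]; then echo "unrestricted"
    elif [ "$1" -eq 0 ]; then echo "system-wide, no raw/ftrace tracepoints"
    elif [ "$1" -eq 1 ]; then echo "per-process, user and kernel space"
    else                      echo "per-process, user space only"
    fi
}

# Last value assigned under CONFIG_ROOT, reading sysctl.d/*.conf in glob
# order and then sysctl.conf (a simplification of the real load order).
persisted_paranoid() {
    cat "${1:-/etc}"/sysctl.d/*.conf "${1:-/etc}"/sysctl.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*kernel\.perf_event_paranoid[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9][0-9]*\).*/\1/p' |
        tail -n 1
}

# audit_perf_access [RUNTIME_FILE] [CONFIG_ROOT] [MIN_LEVEL]
# Returns 0 when the running value, and any persisted value, are >= MIN_LEVEL.
audit_perf_access() {
    min=${3:-2}; status=0
    runtime=$(cat "${1:-/proc/sys/kernel/perf_event_paranoid}" 2>/dev/null) || runtime=
    scope=$(perf_scope "$runtime") || { echo "runtime: unreadable"; return 2; }
    echo "runtime: $runtime ($scope)"
    [ "$runtime" -ge "$min" ] || { echo "  below required level $min"; status=1; }
    persisted=$(persisted_paranoid "${2:-/etc}")
    if [ -z "$persisted" ]; then
        echo "persisted: not set, kernel default applies at boot"
    elif [ "$persisted" -lt "$min" ]; then
        echo "persisted: $persisted, a reboot would drop below $min"; status=1
    else
        echo "persisted: $persisted"
    fi
    return "$status"
}
```

Calling audit_perf_access with no arguments checks the live system; a non-zero exit status makes it usable as a compliance check in configuration management.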