CVE-2020-28915

2020-11-1800:00:00

ubuntu.com

CVSS2

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

CVSS3

5.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

EPSS

Percentile

5.1%

JSON

A buffer over-read (at the framebuffer layer) in the fbcon code in the
Linux kernel before 5.8.15 could be used by local attackers to read kernel
memory, aka CID-6735b4632def.

Notes

Author	Note
sbeattie	This patch depends on patch “fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h”.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-126.129UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-56.62UNKNOWN
ubuntu20.10noarchlinux< 5.8.0-31.33UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-197.229UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1088.93UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1030.31UNKNOWN
ubuntu20.10noarchlinux-aws< 5.8.0-1014.15UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1082.86UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1118.132UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1030.31~18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-126.129	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-56.62	UNKNOWN
ubuntu	20.10	noarch	linux	< 5.8.0-31.33	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-197.229	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1088.93	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1030.31	UNKNOWN
ubuntu	20.10	noarch	linux-aws	< 5.8.0-1014.15	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1082.86	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1118.132	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1030.31~18.04.1	UNKNOWN