CVE-2020-28915

2020-11-1800:00:00

ubuntu.com

5.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

6.1 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

A buffer over-read (at the framebuffer layer) in the fbcon code in the
Linux kernel before 5.8.15 could be used by local attackers to read kernel
memory, aka CID-6735b4632def.

Notes

Author	Note
sbeattie	This patch depends on patch “fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h”.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-126.129UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-56.62UNKNOWN
ubuntu20.10noarchlinux< 5.8.0-31.33UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-197.229UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1088.93UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1030.31UNKNOWN
ubuntu20.10noarchlinux-aws< 5.8.0-1014.15UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1082.86) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1118.132UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1030.31~18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-126.129	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-56.62	UNKNOWN
ubuntu	20.10	noarch	linux	< 5.8.0-31.33	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-197.229	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1088.93	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1030.31	UNKNOWN
ubuntu	20.10	noarch	linux-aws	< 5.8.0-1014.15	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1082.86) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1118.132	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1030.31~18.04.1	UNKNOWN