CVE-2021-20292
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
28/05/2021
Last modified:
28/07/2023
Description
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.3 (including) | 4.9.298 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.263 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.140 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.59 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.7.16 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.8 (including) | 5.8.2 (excluding) |
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | ||
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page