[PATCH 0/2] [SRU focal/linux-oem-5.6] CVE-2020-25656

Tim Gardner tim.gardner at canonical.com
Mon Feb 22 19:39:20 UTC 2021


[Impact]
A flaw was found in the Linux kernel. A use-after-free was found in the way the
console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could
use this flaw to get read memory access out of bounds. The highest threat from
this vulnerability is to data confidentiality.

From the Ubuntu security team:
It was discovered that the console keyboard driver in the Linux kernel contained
a race condition. A local attacker could use this to expose sensitive information
(kernel memory).

[Test Case]
A test case is in the fix commit.

Patch 1/2 ('vt: keyboard, simplify vt_kdgkbsent') is required for the CVE fix
commit Patch 2/2 ('vt: keyboard, extend func_buf_lock to readers').

[Potential regression]
Both patches are clean upstream cherry-picks and have been released in multiple kernels.



