VDB
CVE-2020-27786
CVE-2020-27786
PUBLISHED
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
EPSS 7.16% · 91.7th percentile
Risk Scores
EPSS Score
7.16%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-gcp | 4.15.0-1015.15~16.04.1, 4.13.0-1019.23, 4.13.0-1006.9 |
| Ubuntu:20.04:LTS | linux-kvm | 5.4.0-1007.7, 5.4.0-1006.6, 5.4.0-1004.4 |
| Ubuntu:18.04:LTS | linux-snapdragon | 4.15.0-1074.81, 0, 4.4.0-1078.83 |
| Ubuntu:18.04:LTS | linux | 4.15.0-65.74, 4.15.0-60.67, 4.15.0-64.73 |
| Ubuntu:18.04:LTS | linux-raspi2-5.3 | 5.3.0-1026.28~18.04.1, 5.3.0-1027.29~18.04.1, 0 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 0, *, 5.0.0-1027.30 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1066.76, 4.15.0-1102.113, 4.15.0-1017.20 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 4.15.0-2000.4, 0, 4.15.0-2021.21 |
| Ubuntu:18.04:LTS | linux-gcp-4.15 | 4.15.0-1071.81, 4.15.0-1077.87, 0 |
| Ubuntu:18.04:LTS | linux-gke-5.0 | 5.0.0-1035.36, 5.0.0-1037.38, 0 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-24.28, 0, 5.4.0-26.30 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-183.234, 3.13.0-182.233, 3.13.0-180.231 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1063.66, 0, 5.4.0-1033.35 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 0, 4.8.0-28.30~16.04.1, 4.8.0-30.32~16.04.1 |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | 5.3.0-1027.29~18.04.1, 0, 5.3.0-1013.14~18.04.1 |
| Ubuntu:20.04:LTS | linux-azure-fde | *, *, * |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1042.45, 4.15.0-1001.1, 4.15.0-1005.5 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-azure-fips | 0, 4.15.0-1002.2 |
| Ubuntu:18.04:LTS | linux-oracle | 4.15.0-1017.19, 4.15.0-1018.20, 4.15.0-1021.23 |
| Ubuntu:16.04:LTS | linux | 4.4.0-148.174, 0, 4.2.0-19.23 |
…and 46 more
Timeline
- Dec 11, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 18, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 12, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27786 third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/12/01/1 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27786 third-party-advisory