CVE-2020-28941

Name
CVE-2020-28941
Description
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List http://www.openwall.com/lists/oss-security/2020/11/19/5
Patch https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1
Patch https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1
Mailing List https://www.openwall.com/lists/oss-security/2020/11/19/3
Patch https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
MLIST https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.9.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status