Use After Free in the Linux kernel

CVE-2020-29569

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have…

Vulnerability class: Use-After-Free

EPSS: 0.004 (30.5th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.


Frequently asked questions

What is CVE-2020-29569?
CVE-2020-29569 is a high-severity vulnerability in the Linux kernel, classified under Use After Free. CVSS score: 8.8/10. Published 2020-12-15.
How severe is CVE-2020-29569?
High severity. CVSS v3 base score is 8.8 out of 10.