There is a use-after-free vulnerability in the Linux kernel in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=206361
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1802560]
This issue was fixed for Fedora with the 5.5.9 stable kernel updates.
Statement: The impact is moderate, because of the need of additional privileges (usually local console user).
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8648
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:3320 https://access.redhat.com/errata/RHSA-2021:3320
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2021:3522 https://access.redhat.com/errata/RHSA-2021:3522