A use-after-free vulnerability was found in vgacon_invert_region in drivers/video/console/vgacon.c, in the low-level VGA-based console driver in the Linux kernel. In this flaw, a local privileged attacker may crash the system due to a missing sanity check and cause a denial of service problem.

References:
https://patchwork.freedesktop.org/patch/356372/
http://fedora.com
Hi, based on the referenced patch and description, this looks to have been fixed upstream in 513dc792d606 ("vgacon: Fix a UAF in vgacon_invert_region") <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513dc792d606> (v5.6-rc5), which already was assigned CVE-2020-8647 and CVE-2020-8649; is this a duplicate CVE assignment? Thanks for any clarity.