CVE-2021-20292

Updated: 2022-09-27 17:34:39.31142

Description:

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.2
CVSS Version 3.x MEDIUM 6.7

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS kernel 2.6.32 6.7 MEDIUM Released CLSA-2021:1632262296 2022-05-05 12:01:40
CentOS 8.4 ELS kernel 4.18.0-305.25.1 6.7 MEDIUM Ignored 2022-04-29 15:33:55
CentOS 8.5 ELS kernel 4.18.0-348.7.1 6.7 MEDIUM Ignored 2022-04-29 15:33:55
CloudLinux 6 ELS kernel 2.6.32 6.7 MEDIUM Ignored 2022-04-29 15:33:54
Oracle Linux 6 ELS kernel 2.6.32 6.7 MEDIUM Released CLSA-2022:1669850228 2022-11-30 19:57:54
Ubuntu 16.04 ELS linux 4.4.0 6.7 MEDIUM Released 2022-04-29 15:33:55
Ubuntu 16.04 ELS linux-hwe 4.15.0 6.7 MEDIUM Already Fixed 2022-09-28 03:36:18

Statement

Will not fix: low score