|Type||Denial of service|
A security issue was found in the speakup module of the Linux kernel through 5.9.13. In the spk_ttyio_receive_buf2() function in drivers/accessibility/speakup/spk_ttyio.c, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a null pointer dereference crash.
In Arch Linux, the affected part of the Linux kernel is built as a module which is not loaded by default. If accessibility support is not needed, the vulnerability can be mitigated by blacklisting the affected module: # echo 'blacklist speakup' > /etc/modprobe.d/CVE-2020-27830.conf