CVE-2020-27830 log

Severity Medium
Remote No
Type Denial of service
A security issue was found in the speakup module of the Linux kernel through 5.9.13. In the spk_ttyio_receive_buf2() function in drivers/accessibility/speakup/spk_ttyio.c, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a null pointer dereference crash.
Group Package Affected Fixed Severity Status Ticket
AVG-1330 linux 5.9.13.arch1-1 5.9.14.arch1-1 Medium Fixed
In Arch Linux, the affected part of the Linux kernel is built as a module which is not loaded by default. If accessibility support is not needed, the vulnerability can be mitigated by blacklisting the affected module:

# echo 'blacklist speakup' > /etc/modprobe.d/CVE-2020-27830.conf