CVE-2020-27830 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Denial of service
Description	A security issue was found in the speakup module of the Linux kernel through 5.9.13. In the spk_ttyio_receive_buf2() function in drivers/accessibility/speakup/spk_ttyio.c, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a null pointer dereference crash.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1330	linux	5.9.13.arch1-1	5.9.14.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2020/12/07/1 https://www.openwall.com/lists/oss-security/2020/12/08/1 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9920472eaa7c652c7abcad4911fa83b6ae5a4955

References

https://www.openwall.com/lists/oss-security/2020/12/07/1
https://www.openwall.com/lists/oss-security/2020/12/08/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9920472eaa7c652c7abcad4911fa83b6ae5a4955

Notes
In Arch Linux, the affected part of the Linux kernel is built as a module which is not loaded by default. If accessibility support is not needed, the vulnerability can be mitigated by blacklisting the affected module: # echo 'blacklist speakup' > /etc/modprobe.d/CVE-2020-27830.conf

Notes

In Arch Linux, the affected part of the Linux kernel is built as a module which is not loaded by default. If accessibility support is not needed, the vulnerability can be mitigated by blacklisting the affected module:

# echo 'blacklist speakup' > /etc/modprobe.d/CVE-2020-27830.conf