CVE-2020-27835

Source
Severity Low
Remote No
Type Denial of service
Description
A use-after-free was found in the Linux kernel InfiniBand hfi1 driver in the way a user calls ioctl after opening the dev file and forking. A local user could use this flaw to crash the system.
Group     Package  Affected        Fixed           Severity  Status  Ticket
AVG-1344  linux    5.9.11.arch2-1  5.9.12.arch1-1  Low       Fixed
References
https://bugzilla.redhat.com/show_bug.cgi?id=1901709
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5732f83596f8a573f2cde814cc76a54e1a8995c7
Notes
Workaround
==========

The issue can be mitigated by preventing the module hfi1 from being loaded:

# echo 'blacklist hfi1' > /etc/modprobe.d/CVE-2020-27835.conf
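
To confirm the workaround is actually effective on a host, the following added example (not part of the original advisory) reports the state of hfi1. It assumes the default paths /etc/modprobe.d and /proc/modules; the function names are hypothetical, and the check for an `install hfi1 /bin/false` override goes beyond the page, since `blacklist` only suppresses alias-based autoloading and neither unloads a module that is already loaded nor stops an explicit `modprobe hfi1`.

```shell
#!/bin/sh
# Added example: audit the hfi1 workaround for CVE-2020-27835.
# Paths are parameters so the functions can be run against test fixtures.

# True if a *.conf file in directory $1 contains an active "blacklist hfi1".
hfi1_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+hfi1([[:space:]]|$)' "$1"/*.conf
}

# True if directory $1 overrides loading with "install hfi1 /bin/false"
# (or /bin/true), which also blocks an explicit modprobe.
hfi1_install_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+hfi1[[:space:]]+(/usr)?/bin/(false|true)([[:space:]]|$)' "$1"/*.conf
}

# True if the module list in file $1 (format of /proc/modules) shows hfi1.
hfi1_loaded() {
    grep -qs '^hfi1 ' "$1"
}

# Print one of: loaded, blocked, blacklisted, unmitigated.
#   loaded       module is in the running kernel; the config has no effect yet
#   blocked      install override present; explicit loads fail too
#   blacklisted  autoload suppressed only, as in the workaround above
#   unmitigated  nothing prevents the module from loading
hfi1_status() {
    conf_dir=${1:-/etc/modprobe.d}
    modules=${2:-/proc/modules}
    if hfi1_loaded "$modules"; then
        echo "loaded"
    elif hfi1_install_blocked "$conf_dir"; then
        echo "blocked"
    elif hfi1_blacklisted "$conf_dir"; then
        echo "blacklisted"
    else
        echo "unmitigated"
    fi
}

# Report the state of the current host (or of the paths given as arguments).
hfi1_status "$@"
```

A result of "loaded" on an affected kernel means the module must still be removed (or the host rebooted) before the workaround takes effect.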