CVE-2020-29371

LOW EPSS 48.1%
Published Nov 28, 20205y ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Low
Find Similar
Published Nov 28, 2020 5y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
48.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-908

Affected Products 1

VendorProductVersionRange
linuxlinux_kernel* <5.8.4

References 4

  • bugs.chromium.org https://bugs.chromium.org/p/project-zero/issues/detail?id=2077
    ExploitIssue TrackingThird Party Advisory
  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.4
    Release NotesVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2935e0a3cec1ffa558eea90db6279cff83aa3592
    PatchVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcf85fcedfdd17911982a3e3564fcfec7b01eebd
    PatchVendor Advisory

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2935e0a3cec1ffa558eea90db6279cff83aa3592
    PatchVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcf85fcedfdd17911982a3e3564fcfec7b01eebd
    PatchVendor Advisory