How severe is CVE-2020-10690?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2020-10690?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2020-10690

MEDIUM Year: 2020

CVSS v3 Score

6.4

Medium

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-416

View all →

Vulnerability Description

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.

CVE-2019-15214

MEDIUM

CVSS:6.4(Medium)

An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is r...

CWE-4162019

CVE-2021-25394

MEDIUM

CVSS:6.4(Medium)

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

CWE-4162021

CVE-2021-29093

MEDIUM

CVSS:6.4(Medium)

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code ...

CWE-4162021

CVE-2021-3700

MEDIUM

CVSS:6.4(Medium)

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts ...

CWE-4162021

CVE-2022-4382

MEDIUM

CVSS:6.4(Medium)

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.

CWE-4162022

CVE-2023-20608

MEDIUM

CVSS:6.4(Medium)

In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CWE-4162023

CVE-2020-10690

Vulnerability Description

Related Vulnerabilities

CVE-2019-15214

CVE-2021-25394

CVE-2021-29093

CVE-2021-3700

CVE-2022-4382

CVE-2023-20608