CVE-2020-28941
5.5 MEDIUMAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9
Published: 2020-11-19 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-763
Affected products
| Vendor | Product |
|---|---|
| debian | debian_linux, fedora, linux_kernel |
| fedoraproject | debian_linux, fedora, linux_kernel |
| linux | debian_linux, fedora, linux_kernel |
Description
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-28941
- [Patch]http://www.openwall.com/lists/oss-security/2020/11/19/5
- [Patch]https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1
- [Patch]https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1
- [Other]https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
- [Patch]https://www.openwall.com/lists/oss-security/2020/11/19/3
- [Patch]http://www.openwall.com/lists/oss-security/2020/11/19/5
- [Patch]https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1
- [Patch]https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1
- [Other]https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
- [Patch]https://www.openwall.com/lists/oss-security/2020/11/19/3
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
Same CWE
- CVE-2026-9516 — Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws (7.5 HIGH)
- CVE-2026-47312 — Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation (5.5 MEDIUM)