CVE-2020-14382

MEDIUM

Description

A vulnerability was found in upstream release cryptsetup-2.2.0: there is a bug in the LUKS2 format validation code, which is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file 'lib/luks2/luks2_json_metadata.c', in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj), where the code does not check for possible overflow in the memory allocation used for the intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, the library can be *tricked* into expecting that the allocation was successful, but for far less memory than originally expected. Later it may read data FROM an image crafted by an attacker and actually write such data BEYOND the allocated memory.
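The arithmetic behind the description, as an added example that is not cryptsetup's code: an unchecked "count * sizeof(element)" can wrap to a small byte count, and a division-based check rejects such counts before malloc is called. The struct layout, the function names, and the use of uint32_t to model a platform with a 32-bit size_t are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for one element of the intervals array (16 bytes). */
struct interval { uint64_t offset; uint64_t length; };

/* Byte count produced by an unchecked multiplication when size_t is 32 bits
 * wide. uint32_t models that width so the wrap is reproducible on any host. */
uint32_t unchecked_bytes32(uint32_t count)
{
    return (uint32_t)(count * (uint32_t)sizeof(struct interval));
}

/* Overflow-checked multiplication: stores count * elem in *out and returns 0,
 * or returns -1 when the product would exceed max. */
int checked_bytes(size_t count, size_t elem, size_t max, size_t *out)
{
    if (elem != 0 && count > max / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Hardened allocation: a count taken from untrusted metadata is rejected
 * when its byte size cannot be represented, instead of being under-allocated. */
struct interval *alloc_intervals(size_t count)
{
    size_t bytes;

    if (count == 0 ||
        checked_bytes(count, sizeof(struct interval), SIZE_MAX, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t count = 0x10000001u; /* constructed sample value */
    size_t bytes;

    printf("elements requested:      %u\n", (unsigned)count);
    printf("unchecked 32-bit bytes:  %u\n", (unsigned)unchecked_bytes32(count));
    printf("checked against 32 bits: %s\n",
           checked_bytes(count, sizeof(struct interval), UINT32_MAX, &bytes)
               ? "rejected" : "accepted");
    return 0;
}
```

With the constructed count, the unchecked product wraps to the size of a single element, which is the "far less memory than originally expected" condition the description refers to.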

References

https://bugzilla.redhat.com/show_bug.cgi?id=1874712

https://lists.fedoraproject.org/archives/list/[email protected]/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/

https://usn.ubuntu.com/4493-1/

Details

Source: MITRE

Published: 2020-09-16

Updated: 2020-09-25

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 145904 | CentOS 8 : cryptsetup (CESA-2020:4542) | Nessus | CentOS Local Security Checks | medium |
| 145443 | RHEL 8 : cryptsetup (RHSA-2021:0258) | Nessus | Red Hat Local Security Checks | medium |
| 142760 | Oracle Linux 8 : cryptsetup (ELSA-2020-4542) | Nessus | Oracle Linux Local Security Checks | medium |
| 142380 | RHEL 8 : cryptsetup (RHSA-2020:4542) | Nessus | Red Hat Local Security Checks | medium |
| 142374 | RHEL 8 : cryptsetup (RHSA-2020:4900) | Nessus | Red Hat Local Security Checks | medium |
| 142316 | EulerOS 2.0 SP9 : cryptsetup (EulerOS-SA-2020-2409) | Nessus | Huawei Local Security Checks | medium |
| 142253 | EulerOS : cryptsetup (EulerOS-SA-2020-2427) | Nessus | Huawei Local Security Checks | medium |
| 140672 | Fedora 31 : cryptsetup (2020-5ed5af6275) | Nessus | Fedora Local Security Checks | medium |
| 140589 | Ubuntu 20.04 LTS : cryptsetup vulnerability (USN-4493-1) | Nessus | Ubuntu Local Security Checks | medium |
| 140306 | Fedora 32 : cryptsetup (2020-965e406543) | Nessus | Fedora Local Security Checks | medium |