CVE-2020-29660

LOW

Description

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

References

http://www.openwall.com/lists/oss-security/2020/12/10/1

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/

https://security.netapp.com/advisory/ntap-20210122-0001/

https://www.debian.org/security/2021/dsa-4843

Details

Source: MITRE

Published: 2020-12-09

Updated: 2021-03-09

Type: CWE-667

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 4.4

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.9.13 (inclusive)

Tenable Plugins

View all (44 total)

IDNameProductFamilySeverity
148550Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)NessusOracle Linux Local Security Checks
high
148549Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)NessusOracle Linux Local Security Checks
high
148041EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)NessusHuawei Local Security Checks
high
148009Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)NessusUbuntu Local Security Checks
high
147983Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)NessusUbuntu Local Security Checks
high
147982Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)NessusUbuntu Local Security Checks
high
147978Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4751-1)NessusUbuntu Local Security Checks
high
147975Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)NessusUbuntu Local Security Checks
high
147690EulerOS : kernel (EulerOS-SA-2021-1642)NessusHuawei Local Security Checks
high
147588EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386)NessusHuawei Local Security Checks
high
147532Debian DLA-2586-1 : linux security updateNessusDebian Local Security Checks
high
147512EulerOS : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
146701EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)NessusHuawei Local Security Checks
high
146512Debian DLA-2557-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
146511SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)NessusSuSE Local Security Checks
high
146476SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)NessusSuSE Local Security Checks
high
146474SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)NessusSuSE Local Security Checks
high
146470SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)NessusSuSE Local Security Checks
high
146401SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)NessusSuSE Local Security Checks
high
146300Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)NessusOracle Linux Local Security Checks
high
146299Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)NessusOracle Linux Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
146248OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0005)NessusOracleVM Local Security Checks
high
146096Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)NessusOracle Linux Local Security Checks
high
146052Debian DSA-4843-1 : linux - security updateNessusDebian Local Security Checks
high
145726EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)NessusHuawei Local Security Checks
high
145458Amazon Linux AMI : kernel (ALAS-2021-1477)NessusAmazon Linux Local Security Checks
high
145456Amazon Linux 2 : kernel (ALAS-2021-1588)NessusAmazon Linux Local Security Checks
high
145320openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)NessusSuSE Local Security Checks
high
145287openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)NessusSuSE Local Security Checks
high
145201EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)NessusHuawei Local Security Checks
high
145120SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)NessusSuSE Local Security Checks
high
145025SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)NessusSuSE Local Security Checks
high
145018SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)NessusSuSE Local Security Checks
high
144959SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)NessusSuSE Local Security Checks
high
144914SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)NessusSuSE Local Security Checks
high
144908SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)NessusSuSE Local Security Checks
high
144902Photon OS 3.0: Linux PHSA-2021-3.0-0182NessusPhotonOS Local Security Checks
high
144891Photon OS 2.0: Linux PHSA-2021-2.0-0308NessusPhotonOS Local Security Checks
high
144693EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1028)NessusHuawei Local Security Checks
high
144687EulerOS : kernel (EulerOS-SA-2021-1009)NessusHuawei Local Security Checks
high
144519Photon OS 1.0: Linux PHSA-2020-1.0-0350NessusPhotonOS Local Security Checks
high
144362Fedora 32 : kernel (2020-bc0cc81a7a)NessusFedora Local Security Checks
high
144342Fedora 33 : kernel (2020-b732958765)NessusFedora Local Security Checks
high