CVE-2020-29660

Severity

Theme

CVE-2020-29660

medium

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

References

http://www.openwall.com/lists/oss-security/2020/12/10/1

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/

https://security.netapp.com/advisory/ntap-20210122-0001/

https://www.debian.org/security/2021/dsa-4843

Details

Source: MITRE

Published: 2020-12-09

Updated: 2021-03-09

Type: CWE-667

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 4.4

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.9.13 (inclusive)

Tenable Plugins

View all (45 total)

ID	Name	Product	Family	Severity
150536	SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)	Nessus	SuSE Local Security Checks	high
148550	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)	Nessus	Oracle Linux Local Security Checks	medium
148549	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)	Nessus	Oracle Linux Local Security Checks	medium
148041	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)	Nessus	Huawei Local Security Checks	high
148009	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)	Nessus	Ubuntu Local Security Checks	high
147983	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)	Nessus	Ubuntu Local Security Checks	high
147982	Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)	Nessus	Ubuntu Local Security Checks	high
147978	Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4751-1)	Nessus	Ubuntu Local Security Checks	high
147975	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)	Nessus	Ubuntu Local Security Checks	high
147690	EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)	Nessus	Huawei Local Security Checks	high
147588	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386)	Nessus	Huawei Local Security Checks	high
147532	Debian DLA-2586-1 : linux security update	Nessus	Debian Local Security Checks	high
147512	EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)	Nessus	Huawei Local Security Checks	high
146701	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)	Nessus	Huawei Local Security Checks	high
146512	Debian DLA-2557-1 : linux-4.19 security update	Nessus	Debian Local Security Checks	high
146511	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)	Nessus	SuSE Local Security Checks	high
146476	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)	Nessus	SuSE Local Security Checks	high
146474	SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)	Nessus	SuSE Local Security Checks	high
146470	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)	Nessus	SuSE Local Security Checks	high
146401	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)	Nessus	SuSE Local Security Checks	medium
146300	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)	Nessus	Oracle Linux Local Security Checks	medium
146299	Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)	Nessus	Oracle Linux Local Security Checks	medium
146282	openSUSE Security Update : RT kernel (openSUSE-2021-242)	Nessus	SuSE Local Security Checks	high
146248	OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0005)	Nessus	OracleVM Local Security Checks	medium
146096	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)	Nessus	Oracle Linux Local Security Checks	medium
146052	Debian DSA-4843-1 : linux - security update	Nessus	Debian Local Security Checks	high
145726	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)	Nessus	Huawei Local Security Checks	medium
145458	Amazon Linux AMI : kernel (ALAS-2021-1477)	Nessus	Amazon Linux Local Security Checks	high
145456	Amazon Linux 2 : kernel (ALAS-2021-1588)	Nessus	Amazon Linux Local Security Checks	high
145320	openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)	Nessus	SuSE Local Security Checks	medium
145287	openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)	Nessus	SuSE Local Security Checks	medium
145201	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)	Nessus	Huawei Local Security Checks	high
145120	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)	Nessus	SuSE Local Security Checks	medium
145025	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)	Nessus	SuSE Local Security Checks	medium
145018	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)	Nessus	SuSE Local Security Checks	medium
144959	SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)	Nessus	SuSE Local Security Checks	medium
144914	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)	Nessus	SuSE Local Security Checks	high
144908	SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)	Nessus	SuSE Local Security Checks	medium
144902	Photon OS 3.0: Linux PHSA-2021-3.0-0182	Nessus	PhotonOS Local Security Checks	high
144891	Photon OS 2.0: Linux PHSA-2021-2.0-0308	Nessus	PhotonOS Local Security Checks	high
144693	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1028)	Nessus	Huawei Local Security Checks	high
144687	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1009)	Nessus	Huawei Local Security Checks	high
144519	Photon OS 1.0: Linux PHSA-2020-1.0-0350	Nessus	PhotonOS Local Security Checks	high
144362	Fedora 32 : kernel (2020-bc0cc81a7a)	Nessus	Fedora Local Security Checks	high
144342	Fedora 33 : kernel (2020-b732958765)	Nessus	Fedora Local Security Checks	high

CVE-2020-29660

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

medium

medium

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

medium

medium

high

medium

medium

high

medium

high

high

medium

medium

high

medium

medium

medium

medium

high

medium

high

high

high

high

high

high

high