CVE-2020-12770: Use After Free
First published: Tue Apr 14 2020(Updated: )
A vulnerability was found in sg_write in drivers/scsi/sg.c in SCSI generic (sg) driver subsystem. An attacker with a local access and special user privilege (or root) can cause a denial of service (DoS) if allocated list is not cleaned with invalid (Sg_fd * sfp) pointer at the time of failure, failing this can even cause a kernel internal information leak problem. Reference and upstream commit: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel | <0:3.10.0-693.81.1.el7 | 0:3.10.0-693.81.1.el7 |
| redhat/kernel | <0:3.10.0-957.65.1.el7 | 0:3.10.0-957.65.1.el7 |
| redhat/kernel | <0:3.10.0-1062.40.1.el7 | 0:3.10.0-1062.40.1.el7 |
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
| Linux Kernel | <=5.6.11 | |
| Fedora | =30 | |
| Fedora | =31 | |
| Fedora | =32 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Ubuntu | =20.04 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| netapp cloud backup | ||
| NetApp Element Software | ||
| netapp hci management node | ||
| netapp solidfire | ||
| NetApp SteelStore | ||
| All of | ||
| netapp bootstrap os | ||
| netapp hci compute node | ||
| All of | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| All of | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| All of | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| All of | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| All of | ||
| netapp h300e firmware | ||
| netapp h300e | ||
| All of | ||
| netapp h500e firmware | ||
| netapp h500e | ||
| All of | ||
| netapp h700e firmware | ||
| netapp h700e | ||
| All of | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| All of | ||
| netapp h610c firmware | ||
| netapp h610c | ||
| All of | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| All of | ||
| netapp h615c firmware | ||
| netapp h615c | ||
| netapp bootstrap os | ||
| netapp hci compute node | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| netapp h300e firmware | ||
| netapp h300e | ||
| netapp h500e firmware | ||
| netapp h500e | ||
| netapp h700e firmware | ||
| netapp h700e | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| netapp h610c firmware | ||
| netapp h610c | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| netapp h615c firmware | ||
| netapp h615c |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-12770 https://nvd.nist.gov/vuln/detail/CVE-2020-12770
- https://bugzilla.redhat.com/show_bug.cgi?id=1834845
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:5430
- https://access.redhat.com/errata/RHSA-2020:5656
- https://access.redhat.com/errata/RHSA-2020:5206
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/security/cve/cve-2020-12770
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
- https://lkml.org/lkml/2020/4/13/870
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://www.debian.org/security/2020/dsa-4698
- https://www.debian.org/security/2020/dsa-4699
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4419-1/
- https://usn.ubuntu.com/4414-1/
- https://launchpad.net/bugs/cve/CVE-2020-12770
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1834847
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee
- https://security-tracker.debian.org/tracker/CVE-2020-12770
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770
- https://nvd.nist.gov/vuln/detail/CVE-2020-12770
- https://ubuntu.com/security/CVE-2020-12770
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-12770?
CVE-2020-12770 has a severity rating that may lead to Denial of Service (DoS) under specific conditions.
How do I fix CVE-2020-12770?
To fix CVE-2020-12770, upgrade to the recommended kernel versions from the vendors as specified in the security advisories.
What systems are affected by CVE-2020-12770?
CVE-2020-12770 affects multiple versions of the Linux kernel and specific Linux distributions including Red Hat, Fedora, and Debian.
Can CVE-2020-12770 be exploited remotely?
CVE-2020-12770 requires local access and special user privileges to be exploited, making it less likely to be exploited remotely.
What is the potential impact of CVE-2020-12770?
The impact of CVE-2020-12770 includes potential Denial of Service (DoS), affecting system availability.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12770
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.6.11
- vendor/fedoraproject
- canonical/fedora
- version/fedora/30
- version/fedora/31
- version/fedora/32
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- version/ubuntu/20.04
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- version/debian/10.0
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp element software
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore
- canonical/netapp bootstrap os
- canonical/netapp hci compute node
- canonical/netapp aff a700s firmware
- canonical/netapp a700s
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp h615c firmware
- canonical/netapp h615c