CVE-2020-12770: Use After Free
First published: Tue Apr 14 2020(Updated: )
A vulnerability was found in sg_write in drivers/scsi/sg.c in SCSI generic (sg) driver subsystem. An attacker with a local access and special user privilege (or root) can cause a denial of service (DoS) if allocated list is not cleaned with invalid (Sg_fd * sfp) pointer at the time of failure, failing this can even cause a kernel internal information leak problem. Reference and upstream commit: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel | <0:3.10.0-693.81.1.el7 | 0:3.10.0-693.81.1.el7 |
| redhat/kernel | <0:3.10.0-957.65.1.el7 | 0:3.10.0-957.65.1.el7 |
| redhat/kernel | <0:3.10.0-1062.40.1.el7 | 0:3.10.0-1062.40.1.el7 |
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| Linux Kernel | <=5.6.11 | |
| Red Hat Fedora | =30 | |
| Red Hat Fedora | =31 | |
| Red Hat Fedora | =32 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Ubuntu | =20.04 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp Cloud Backup | ||
| NetApp Management Services for Element Software | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp SteelStore Cloud Integrated Storage | ||
| All of | ||
| NetApp HCI Bootstrap OS | ||
| NetApp HCI Compute Node | ||
| All of | ||
| NetApp AFF A700s Firmware | ||
| NetApp A700 | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| All of | ||
| NetApp H610C | ||
| NetApp H610C Firmware | ||
| All of | ||
| NetApp HCI H610S Firmware | ||
| NetApp H610S Firmware | ||
| All of | ||
| NetApp H615C | ||
| NetApp H615C | ||
| NetApp HCI Bootstrap OS | ||
| NetApp HCI Compute Node | ||
| NetApp AFF A700s Firmware | ||
| NetApp A700 | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| NetApp H610C | ||
| NetApp H610C Firmware | ||
| NetApp HCI H610S Firmware | ||
| NetApp H610S Firmware | ||
| NetApp H615C | ||
| NetApp H615C | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-12770 https://nvd.nist.gov/vuln/detail/CVE-2020-12770
- https://bugzilla.redhat.com/show_bug.cgi?id=1834845
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:5430
- https://access.redhat.com/errata/RHSA-2020:5656
- https://access.redhat.com/errata/RHSA-2020:5206
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/security/cve/cve-2020-12770
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
- https://lkml.org/lkml/2020/4/13/870
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://www.debian.org/security/2020/dsa-4698
- https://www.debian.org/security/2020/dsa-4699
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4419-1/
- https://usn.ubuntu.com/4414-1/
- https://launchpad.net/bugs/cve/CVE-2020-12770
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1834847
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee
- https://security-tracker.debian.org/tracker/CVE-2020-12770
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770
- https://nvd.nist.gov/vuln/detail/CVE-2020-12770
- https://ubuntu.com/security/CVE-2020-12770
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-12770?
CVE-2020-12770 has a severity rating that may lead to Denial of Service (DoS) under specific conditions.
How do I fix CVE-2020-12770?
To fix CVE-2020-12770, upgrade to the recommended kernel versions from the vendors as specified in the security advisories.
What systems are affected by CVE-2020-12770?
CVE-2020-12770 affects multiple versions of the Linux kernel and specific Linux distributions including Red Hat, Fedora, and Debian.
Can CVE-2020-12770 be exploited remotely?
CVE-2020-12770 requires local access and special user privileges to be exploited, making it less likely to be exploited remotely.
What is the potential impact of CVE-2020-12770?
The impact of CVE-2020-12770 includes potential Denial of Service (DoS), affecting system availability.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12770
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.6.11
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/30
- version/red hat fedora/31
- version/red hat fedora/32
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- version/ubuntu/20.04
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp management services for element software
- canonical/netapp solidfire & hci management node
- canonical/netapp solidfire & hci storage node
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp hci bootstrap os
- canonical/netapp hci compute node
- canonical/netapp aff a700s firmware
- canonical/netapp a700
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h500s firmware
- canonical/netapp h700e
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware
- canonical/netapp h610c
- canonical/netapp h610c firmware
- canonical/netapp hci h610s firmware
- canonical/netapp h610s firmware
- canonical/netapp h615c
- package-manager/debian