CVE-2020-29368: Race Condition
First published: Wed Jun 03 2020(Updated: )
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| redhat/kernel-rt | <0:4.18.0-193.87.1.rt13.137.el8_2 | 0:4.18.0-193.87.1.rt13.137.el8_2 |
| redhat/kernel | <0:4.18.0-193.87.1.el8_2 | 0:4.18.0-193.87.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.57.1.rt7.129.el8_4 | 0:4.18.0-305.57.1.rt7.129.el8_4 |
| redhat/kernel | <0:4.18.0-305.57.1.el8_4 | 0:4.18.0-305.57.1.el8_4 |
| Linux Kernel | >=4.5.5<4.9.228 | |
| Linux Kernel | >=4.10<4.14.185 | |
| Linux Kernel | >=4.15<4.19.129 | |
| Linux Kernel | >=4.20<5.4.48 | |
| Linux Kernel | >=5.5<5.7.5 | |
| netapp cloud backup | ||
| NetApp Element Software | ||
| netapp hci management node | ||
| netapp solidfire | ||
| All of | ||
| netapp hci bootstrap os | ||
| netapp hci compute node | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| Linux Kernel | <5.7.5 | |
| netapp hci bootstrap os | ||
| netapp hci compute node | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Android |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-29368 https://nvd.nist.gov/vuln/detail/CVE-2020-29368
- https://bugzilla.redhat.com/show_bug.cgi?id=1903244
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/errata/RHSA-2022:5224
- https://access.redhat.com/errata/RHSA-2022:5220
- https://access.redhat.com/errata/RHSA-2022:5633
- https://access.redhat.com/errata/RHSA-2022:5626
- https://access.redhat.com/security/cve/cve-2020-29368
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040
- https://security.netapp.com/advisory/ntap-20210108-0002/
- https://launchpad.net/bugs/cve/CVE-2020-29368
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1903245
- https://android.googlesource.com/kernel/common/+/c444eb564fb16645c172d550359cb3d75fe8a040
- https://source.android.com/docs/security/bulletin/2022-03-01 (Advisory)
- https://git.kernel.org/linus/c444eb564fb16645c172d550359cb3d75fe8a040
- https://security-tracker.debian.org/tracker/CVE-2020-29368
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368
- https://nvd.nist.gov/vuln/detail/CVE-2020-29368
- https://ubuntu.com/security/CVE-2020-29368
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-29368?
CVE-2020-29368 has a medium severity rating due to the potential for unintended write access caused by a race condition.
How do I fix CVE-2020-29368?
To fix CVE-2020-29368, upgrade to the kernel versions 4.18.0-348.el8 or newer, or apply the recommended patches.
What systems are affected by CVE-2020-29368?
CVE-2020-29368 affects various versions of the Linux kernel prior to 5.7.5, including specific Red Hat and Debian releases.
Is CVE-2020-29368 exploitable remotely?
CVE-2020-29368 is not inherently exploitable remotely as it requires local access to the affected system for exploitation.
What components are involved in CVE-2020-29368?
CVE-2020-29368 is associated with the copy-on-write mechanism in the Linux kernel's memory management, specifically in the huge memory handling functions.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-29368
- agent/severity
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/trending
- agent/last-modified-date
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/android-source
- source/Android
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.5.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp element software
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp hci bootstrap os
- canonical/netapp hci compute node
- canonical/netapp h410c firmware
- canonical/netapp h410c
- package-manager/debian
- vendor/google
- canonical/android