CVE-2020-29660: Use After Free
First published: Fri Dec 04 2020(Updated: )
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| Linux Linux kernel | <=5.9.13 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Broadcom Fabric Operating System | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Netapp Solidfire Baseboard Management Controller | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| Netapp 8300 Firmware | ||
| Netapp 8300 | ||
| Netapp 8700 Firmware | ||
| Netapp 8700 | ||
| Netapp A400 Firmware | ||
| Netapp A400 | ||
| Google Android | ||
| All of | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Netapp Solidfire Baseboard Management Controller | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| All of | ||
| Netapp 8300 Firmware | ||
| Netapp 8300 | ||
| All of | ||
| Netapp 8700 Firmware | ||
| Netapp 8700 | ||
| All of | ||
| Netapp A400 Firmware | ||
| Netapp A400 | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-29660 https://nvd.nist.gov/vuln/detail/CVE-2020-29660
- https://bugzilla.redhat.com/show_bug.cgi?id=1906522
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-29660
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
- http://www.openwall.com/lists/oss-security/2020/12/10/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/
- https://security.netapp.com/advisory/ntap-20210122-0001/
- https://www.debian.org/security/2021/dsa-4843
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- https://launchpad.net/bugs/cve/CVE-2020-29660
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906523
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/
- https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
- https://source.android.com/docs/security/bulletin/2021-10-01 (Advisory)
- https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
- https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
- https://security-tracker.debian.org/tracker/CVE-2020-29660
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660
- https://nvd.nist.gov/vuln/detail/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29660
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-29660
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- collector/nvd-cve
- source/NVD
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.9.13
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- vendor/broadcom
- canonical/broadcom fabric operating system
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire baseboard management controller
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp a700s firmware
- canonical/netapp a700s
- canonical/netapp 8300 firmware
- canonical/netapp 8300
- canonical/netapp 8700 firmware
- canonical/netapp 8700
- canonical/netapp a400 firmware
- canonical/netapp a400
- vendor/google
- canonical/google android
- package-manager/debian