CVE-2020-29660: Use After Free
First published: Fri Dec 04 2020(Updated: )
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Android | ||
| Linux Kernel | <=5.9.13 | |
| Fedora | =32 | |
| Fedora | =33 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| broadcom fabric operating system | ||
| All of | ||
| netapp solidfire baseboard management controller firmware | ||
| netapp solidfire baseboard management controller | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| All of | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| All of | ||
| NetApp AFF 8300 Firmware | ||
| NetApp FAS8300 | ||
| All of | ||
| NetApp AFF 8700 Firmware | ||
| NetApp FAS8700 | ||
| All of | ||
| NetApp AFF A400 Firmware | ||
| NetApp FAS A400 | ||
| netapp solidfire baseboard management controller firmware | ||
| netapp solidfire baseboard management controller | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| NetApp AFF 8300 Firmware | ||
| NetApp FAS8300 | ||
| NetApp AFF 8700 Firmware | ||
| NetApp FAS8700 | ||
| NetApp AFF A400 Firmware | ||
| NetApp FAS A400 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-29660 https://nvd.nist.gov/vuln/detail/CVE-2020-29660
- https://bugzilla.redhat.com/show_bug.cgi?id=1906522
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-29660
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
- http://www.openwall.com/lists/oss-security/2020/12/10/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/
- https://security.netapp.com/advisory/ntap-20210122-0001/
- https://www.debian.org/security/2021/dsa-4843
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- https://launchpad.net/bugs/cve/CVE-2020-29660
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906523
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/
- https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
- https://source.android.com/docs/security/bulletin/2021-10-01 (Advisory)
- https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
- https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
- https://security-tracker.debian.org/tracker/CVE-2020-29660
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660
- https://nvd.nist.gov/vuln/detail/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29660
Frequently Asked Questions
What is the severity of CVE-2020-29660?
CVE-2020-29660 is considered a medium-severity vulnerability that can lead to read-after-free attacks in the Linux kernel.
How do I fix CVE-2020-29660?
To fix CVE-2020-29660, upgrade to kernel versions 0:4.18.0-348.rt7.130.el8 or 0:4.18.0-348.el8 or later.
Which Linux kernel versions are affected by CVE-2020-29660?
CVE-2020-29660 affects Linux kernel versions through 5.9.13.
Are there any specific distributions impacted by CVE-2020-29660?
Yes, CVE-2020-29660 affects Red Hat, Debian, and various Fedora distributions.
What component of the Linux kernel is vulnerable in CVE-2020-29660?
CVE-2020-29660 involves a locking inconsistency issue in the tty subsystem of the Linux kernel.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-29660
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/google
- canonical/android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.9.13
- vendor/fedoraproject
- canonical/fedora
- version/fedora/32
- version/fedora/33
- vendor/debian
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- vendor/broadcom
- canonical/broadcom fabric operating system
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire baseboard management controller
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp aff a700s firmware
- canonical/netapp a700s
- canonical/netapp aff 8300 firmware
- canonical/netapp fas8300
- canonical/netapp aff 8700 firmware
- canonical/netapp fas8700
- canonical/netapp aff a400 firmware
- canonical/netapp fas a400