CVE-2020-13143 : gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

Published 2020-05-18 18:15:11

Updated 2022-10-29 02:36:25

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-13143

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.16 and up to, including, (<=) 5.6.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Element Software » Version: N/A
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » H610s Firmware » Version: N/A
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610s » Version: N/A
Netapp » A700s Firmware » Version: N/A
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A700s » Version: N/A
Netapp » H410c Firmware » Version: N/A
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410c » Version: N/A
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H300e Firmware » Version: N/A
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300e » Version: N/A
Netapp » H500e Firmware » Version: N/A
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500e » Version: N/A
Netapp » H700e Firmware » Version: N/A
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700e » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » H610c Firmware » Version: N/A
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610c » Version: N/A
Netapp » H615c Firmware » Version: N/A
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H615c » Version: N/A
Netapp » Solidfire Baseboard Management Controller Firmware » Version: N/A
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Solidfire Baseboard Management Controller » Version: N/A
Netapp » Bootstrap Os » Version: N/A
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Hci Compute Node » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-13143

EPSS FAQ

1.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-13143

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-13143

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-13143

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

[SECURITY] [DLA 2241-2] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4411-1/

USN-4411-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://www.spinics.net/lists/linux-usb/msg194331.html

KASAN: slab-out-of-bounds Read in gadget_dev_desc_UDC_store — Linux USB
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

[security-announce] openSUSE-SU-2020:0801-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4413-1/

USN-4413-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

[SECURITY] [DLA 2241-1] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

[SECURITY] [DLA 2242-1] linux-4.9 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20200608-0001/

May 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4699

Debian -- Security Information -- DSA-4699-1 linux
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

[security-announce] openSUSE-SU-2020:0935-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4414-1/

USN-4414-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4419-1/

USN-4419-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c

kernel/git/tip/tip.git - Unnamed repository; edit this file 'description' to name the repository.
Mailing List;Patch;Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
https://usn.ubuntu.com/4412-1/

USN-4412-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4698

Debian -- Security Information -- DSA-4698-1 linux
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-13143

Products affected by CVE-2020-13143

Exploit prediction scoring system (EPSS) score for CVE-2020-13143

CVSS scores for CVE-2020-13143

CWE ids for CVE-2020-13143

References for CVE-2020-13143