Vulnerability Details : CVE-2020-29660
Potential exploit
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Products affected by CVE-2020-29660
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-29660
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-29660
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
0.8
|
3.6
|
NIST |
CWE ids for CVE-2020-29660
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
-
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-29660
-
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
Kernel Live Patch Security Notice LSN-0082-1 ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://security.netapp.com/advisory/ntap-20210122-0001/
December 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
[SECURITY] [DLA 2586-1] linux security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
[SECURITY] [DLA 2557-1] linux-4.19 security updateMailing List;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
Exploit;Patch;Vendor Advisory
-
https://www.debian.org/security/2021/dsa-4843
Debian -- Security Information -- DSA-4843-1 linuxThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2020/12/10/1
oss-security - 2 kernel issuesMailing List;Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/
[SECURITY] Fedora 32 Update: kernel-5.9.14-100.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/
[SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Jump to