Vulnerability Details : CVE-2020-8016
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
Products affected by CVE-2020-8016
- cpe:2.3:a:opensuse:texlive-filesystem:*:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:texlive-filesystem:*:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:texlive-filesystem:*:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:texlive-filesystem:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8016
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-8016
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
4.9 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 1.4 | 3.4 | SUSE | |
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 | NIST | |
CWE ids for CVE-2020-8016
- The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Assigned by:
- meissner@suse.de (Primary)
- nvd@nist.gov (Secondary)
References for CVE-2020-8016
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html
  [security-announce] openSUSE-SU-2020:0804-1: moderate: Security update f
  (Mailing List; Third Party Advisory)
- https://bugzilla.suse.com/show_bug.cgi?id=1159740
  Bug 1159740 – VUL-0: CVE-2020-8016: texlive-filesystem: sticky bit for dirs like /var/lib/texmf/fonts, race condition in spec file
  (Exploit; Issue Tracking; Vendor Advisory)