CVE-2020-12652 : The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kern

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."

Published 2020-05-05 05:15:11

Updated 2020-06-13 09:15:13

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-12652

Linux » Linux Kernel
Versions before (<) 5.4.14
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-12652

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-12652

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.7	MEDIUM	AV:L/AC:M/Au:N/C:N/I:N/A:C	3.4	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
4.1	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H	0.5	3.6	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-12652

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-12652

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

[SECURITY] [DLA 2241-2] linux security update

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

[security-announce] openSUSE-SU-2020:0801-1: important: Security update

CVEs referencing this url
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

[SECURITY] [DLA 2241-1] linux security update

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

[SECURITY] [DLA 2242-1] linux-4.9 security update

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20200608-0001/

May 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4698

Debian -- Security Information -- DSA-4698-1 linux

CVEs referencing this url
https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b

scsi: mptfusion: Fix double fetch bug in ioctl · torvalds/linux@28d76df · GitHub
Patch;Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14

Release Notes;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-12652

Products affected by CVE-2020-12652

Exploit prediction scoring system (EPSS) score for CVE-2020-12652

CVSS scores for CVE-2020-12652

CWE ids for CVE-2020-12652

References for CVE-2020-12652