CVE-2020-29661
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0026
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
416
Use After Free
StableCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
667
Improper Locking
DraftCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu)
Applicable Platforms
All platforms may be affected
Operating System
Fabric Operating System by Broadcom
CPE Identifier
View Detailed Analysis
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
A400 Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.20
(inclusive)
To
5.4.83
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
H410C Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Tekelec Platform Distribution by Oracle
Version Range Affected
From
7.4.0
(inclusive)
To
7.7.1
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
8700 Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Active Iq Unified Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
8300 Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.10
(inclusive)
To
4.14.212
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.5
(inclusive)
To
5.9.14
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.15
(inclusive)
To
4.19.163
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.5
(inclusive)
To
4.9.248
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
2.6.26
(inclusive)
To
4.4.248
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Solidfire Baseboard Management Controller Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
A700S Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-L…
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5…
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.netapp.com/advisory/ntap-20210122-0001/
https://www.debian.org/security/2021/dsa-4843
https://www.oracle.com/security-alerts/cpuoct2021.html
http://www.openwall.com/lists/oss-security/2020/12/10/1
http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-L…
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5…
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.netapp.com/advisory/ntap-20210122-0001/
https://www.debian.org/security/2021/dsa-4843
https://www.oracle.com/security-alerts/cpuoct2021.html
http://www.openwall.com/lists/oss-security/2020/12/10/1