CVE-2020-29661

Description

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.59%• Percentile: 70%

Techniques & Countermeasures

• CWE-416•Use After Free

  The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

• CWE-667•Improper Locking

  The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Systems

• broadcom•fabric_operating_system

  na

• debian•debian_linux

  9.0 | 10.0

• fedoraproject•fedora

  32 | 33

• linux•linux_kernel

  ≥ 2.6.26, < 4.4.248 | ≥ 4.5, < 4.9.248 | ≥ 4.10, < 4.14.212 | ≥ 4.15, < 4.19.163 | ≥ 4.20, < 5.4.83 | ≥ 5.5, < 5.9.14

• netapp•8300_firmware

  na

• netapp•8700_firmware

  na

• netapp•a400_firmware

  na

• netapp•a700s_firmware

  na

• netapp•active_iq_unified_manager

  na

• netapp•h410c_firmware

  na

• netapp•solidfire_baseboard_management_controller_firmware

  na

• oracle•tekelec_platform_distribution

  ≥ 7.4.0, ≤ 7.7.1

References (11)

• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
• http://www.openwall.com/lists/oss-security/2020/12/10/1
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/
• https://www.debian.org/security/2021/dsa-4843
• https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
• https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
• https://security.netapp.com/advisory/ntap-20210122-0001/
• http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html