UBUNTU-CVE-2020-29661

Description

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  < 3.13.0-188.239 | < 4.4.0-203.235 | < 4.15.0-136.140 | < 5.4.0-66.74

• ubuntu•linux-aws

  < 4.4.0-1086.90 | < 4.4.0-1122.136 | < 4.15.0-1094.101 | < 5.4.0-1038.40

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1038.40~18.04.1

• ubuntu•linux-aws-fips

  < 4.15.0-2037.39 | all | < 5.4.0-1069.73+fips2

• ubuntu•linux-aws-hwe

  < 4.15.0-1094.101~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1108.120~14.04.1 | < 4.15.0-1108.120~16.04.1 | all | < 5.4.0-1040.42

• ubuntu•linux-azure-4.15

  < 4.15.0-1108.120

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1040.42~18.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2020.23 | all | < 5.4.0-1073.76+fips1

• ubuntu•linux-bluefield

  all

• ubuntu•linux-dell300x

  < 4.15.0-1012.16

• ubuntu•linux-fips

  < 4.4.0-1056.62 | all | < 4.15.0-1053.61

• ubuntu•linux-gcp

  < 4.15.0-1093.106~16.04.1 | all | < 5.4.0-1037.40

• ubuntu•linux-gcp-4.15

  < 4.15.0-1093.106

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1037.40~18.04.1

• ubuntu•linux-gcp-edge

  all

• ubuntu•linux-gcp-fips

  all | < 5.4.0-1067.71~20.04.1

• ubuntu•linux-gke

  < 5.4.0-1036.38

• ubuntu•linux-gke-4.15

  < 4.15.0-1079.84

• ubuntu•linux-gke-5.4

  < 5.4.0-1036.38~18.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1010.11

• ubuntu•linux-gkeop-5.4

  < 5.4.0-1010.11~18.04.1

• ubuntu•linux-hwe

  < 4.15.0-136.140~16.04.1 | all

• ubuntu•linux-hwe-5.4

  < 5.4.0-66.74~18.04.2

• ubuntu•linux-hwe-5.8

  < 5.8.0-44.50~20.04.1

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-kvm

  < 4.4.0-1088.97 | < 4.15.0-1085.87 | < 5.4.0-1033.34

• ubuntu•linux-lts-xenial

  < 4.4.0-203.235~14.04.1

• ubuntu•linux-nvidia

  all

• ubuntu•linux-oem

  all

• ubuntu•linux-oem-5.6

  < 5.6.0-1048.52

• ubuntu•linux-oracle

  < 4.15.0-1065.73~16.04.1 | < 4.15.0-1065.73 | < 5.4.0-1038.41

• ubuntu•linux-oracle-5.0

  all

• ubuntu•linux-oracle-5.3

  all

• ubuntu•linux-oracle-5.4

  < 5.4.0-1038.41~18.04.1

• ubuntu•linux-raspi

  < 5.4.0-1029.32

• ubuntu•linux-raspi-5.4

  < 5.4.0-1029.32~18.04.1

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  < 4.4.0-1146.156 | < 4.15.0-1079.84 | all

• ubuntu•linux-realtime

  all

• ubuntu•linux-riscv

  all

• ubuntu•linux-riscv-5.8

  < 5.8.0-17.19~20.04.1

• ubuntu•linux-snapdragon

  < 4.4.0-1150.160 | < 4.15.0-1096.105

References (11)

• https://ubuntu.com/security/CVE-2020-29661
• https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
• https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
• https://ubuntu.com/security/notices/USN-4748-1
• https://ubuntu.com/security/notices/USN-4749-1
• https://ubuntu.com/security/notices/USN-4750-1
• https://ubuntu.com/security/notices/USN-4751-1
• https://ubuntu.com/security/notices/USN-4752-1
• https://ubuntu.com/security/notices/USN-5130-1
• https://www.cve.org/CVERecord?id=CVE-2020-29661