7.8

CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Data is provided by the National Vulnerability Database (NVD)
Linux Linux Kernel Version >= 2.6.26 < 4.4.248
Linux Linux Kernel Version >= 4.5 < 4.9.248
Linux Linux Kernel Version >= 4.10 < 4.14.212
Linux Linux Kernel Version >= 4.15 < 4.19.163
Linux Linux Kernel Version >= 4.20 < 5.4.83
Linux Linux Kernel Version >= 5.5 < 5.9.14
Fedoraproject Fedora Version 32
Fedoraproject Fedora Version 33
Debian Debian Linux Version 9.0
Debian Debian Linux Version 10.0
Netapp Active Iq Unified Manager Version - SwPlatform vmware_vsphere
Netapp H410c Firmware Version -
   Netapp H410c Version -
Netapp A700s Firmware Version -
   Netapp A700s Version -
Netapp 8300 Firmware Version -
   Netapp 8300 Version -
Netapp 8700 Firmware Version -
   Netapp 8700 Version -
Netapp A400 Firmware Version -
   Netapp A400 Version -
Oracle Tekelec Platform Distribution Version >= 7.4.0 <= 7.7.1
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.22% | 0.45

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.