Details of VAR-202012-1546

ID

VAR-202012-1546

CVE

CVE-2020-29661

TITLE

Linux Kernel resource locking vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014190

DESCRIPTION

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Linux Kernel contains a resource locking vulnerability and a freed memory usage vulnerability. Vendors must CID-54ffccbf053b It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * [Hyper-V][RHEL-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913530) * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap (BZ#1929908) * rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929912) 4. 6 ELS) - i386, s390x, x86_64 3. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930523) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:0878-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0878 Issue date: 2021-03-16 CVE Names: CVE-2020-14351 CVE-2020-24394 CVE-2020-25212 CVE-2020-29661 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: umask not applied on filesystem without ACL support (CVE-2020-24394) * kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Security patch for CVE-2020-25212 breaks directory listings via 'ls' on NFS V4.2 shares mounted with selinux enabled labels (BZ#1919144) * Enable CI and changelog for GitLab workflow (BZ#1930931) Enhancement(s): * [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1918534) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support 1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: kernel-3.10.0-957.70.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.70.1.el7.noarch.rpm kernel-doc-3.10.0-957.70.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.70.1.el7.x86_64.rpm kernel-3.10.0-957.70.1.el7.x86_64.rpm kernel-debug-3.10.0-957.70.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.70.1.el7.x86_64.rpm kernel-devel-3.10.0-957.70.1.el7.x86_64.rpm kernel-headers-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.70.1.el7.x86_64.rpm perf-3.10.0-957.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm python-perf-3.10.0-957.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: kernel-3.10.0-957.70.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.70.1.el7.noarch.rpm kernel-doc-3.10.0-957.70.1.el7.noarch.rpm ppc64: kernel-3.10.0-957.70.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-957.70.1.el7.ppc64.rpm kernel-debug-3.10.0-957.70.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-957.70.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.70.1.el7.ppc64.rpm kernel-devel-3.10.0-957.70.1.el7.ppc64.rpm kernel-headers-3.10.0-957.70.1.el7.ppc64.rpm kernel-tools-3.10.0-957.70.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-957.70.1.el7.ppc64.rpm perf-3.10.0-957.70.1.el7.ppc64.rpm perf-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm python-perf-3.10.0-957.70.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-957.70.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debug-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.70.1.el7.ppc64le.rpm kernel-devel-3.10.0-957.70.1.el7.ppc64le.rpm kernel-headers-3.10.0-957.70.1.el7.ppc64le.rpm kernel-tools-3.10.0-957.70.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.70.1.el7.ppc64le.rpm perf-3.10.0-957.70.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm python-perf-3.10.0-957.70.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm s390x: kernel-3.10.0-957.70.1.el7.s390x.rpm kernel-debug-3.10.0-957.70.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-957.70.1.el7.s390x.rpm kernel-debug-devel-3.10.0-957.70.1.el7.s390x.rpm kernel-debuginfo-3.10.0-957.70.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-957.70.1.el7.s390x.rpm kernel-devel-3.10.0-957.70.1.el7.s390x.rpm kernel-headers-3.10.0-957.70.1.el7.s390x.rpm kernel-kdump-3.10.0-957.70.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-957.70.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-957.70.1.el7.s390x.rpm perf-3.10.0-957.70.1.el7.s390x.rpm perf-debuginfo-3.10.0-957.70.1.el7.s390x.rpm python-perf-3.10.0-957.70.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.s390x.rpm x86_64: bpftool-3.10.0-957.70.1.el7.x86_64.rpm kernel-3.10.0-957.70.1.el7.x86_64.rpm kernel-debug-3.10.0-957.70.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.70.1.el7.x86_64.rpm kernel-devel-3.10.0-957.70.1.el7.x86_64.rpm kernel-headers-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.70.1.el7.x86_64.rpm perf-3.10.0-957.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm python-perf-3.10.0-957.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: kernel-debug-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.70.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-957.70.1.el7.ppc64.rpm perf-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.70.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.70.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.70.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFDHTtzjgjWX9erEAQgMwRAAmciGnGTaC97k1bJgX42n8dc4yATy5Arr rkG9GV0fuZyA0K3NTQHzXzUxmUZmqpIw08g3hvnzsUCkaHcLCcfby7EvIS4MPASE flN5JCjKqHBqIEVrXW+s+shnjiUU3TP0QyN3t5TzuosxAwfq8tW0YDpfY/0o/v32 bdlRxBOX5dakNO6mj40tAEmGHZmHglJqYpGFSnGavE0Y2KQHJPHpsNFYBa77Cb9I /EzJfdLcXLgJGroMcWLaY3G2qCbI47cJI/Mln5spEzPd3ZuZfagCIPiBNtlNJngx QXgRaN3KdzGrMDjS0EJTdOVhUn65jLinYiNh6XSShpzRCtKKRPeeTKKetj5pt4J6 cKvAP4bGmri+F+tHJskP/zOTda2TPOXx8a/nzUlsXz1WjC74wN+emcoZuQZelZqd 5Eqr5lsQieTOBkQj7l4nIemwalrFi9l5RUhQNHZ44D85oAKgrqa8xxsvH5Hh9N3z TCavuEWFSl7ThIJsjgff8D8poJgs1wfOzBadzam3scZiTOFN5HG6aUNntInqGQSp dsTmaSTp8aE41Qrk9+J5X//CN2t815LMVhcqn33gn3kIWSBBdrVA5/jQuF/gzGN0 zAF7YoQYnJv8+JjKKF8SyR7gkH1irgXoT/K0SLELJzzDYzaLNqab+5/iPhMiW0Cx yxBTk0suqaE= =c0qF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4748-1 February 25, 2021 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to possibly cause a denial of service (system crash). A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1088-kvm 4.4.0-1088.97 linux-image-4.4.0-1122-aws 4.4.0-1122.136 linux-image-4.4.0-1146-raspi2 4.4.0-1146.156 linux-image-4.4.0-1150-snapdragon 4.4.0-1150.160 linux-image-4.4.0-203-generic 4.4.0-203.235 linux-image-4.4.0-203-generic-lpae 4.4.0-203.235 linux-image-4.4.0-203-lowlatency 4.4.0-203.235 linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235 linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235 linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235 linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235 linux-image-aws 4.4.0.1122.127 linux-image-generic 4.4.0.203.209 linux-image-generic-lpae 4.4.0.203.209 linux-image-kvm 4.4.0.1088.86 linux-image-lowlatency 4.4.0.203.209 linux-image-powerpc-e500mc 4.4.0.203.209 linux-image-powerpc-smp 4.4.0.203.209 linux-image-powerpc64-emb 4.4.0.203.209 linux-image-powerpc64-smp 4.4.0.203.209 linux-image-raspi2 4.4.0.1146.146 linux-image-snapdragon 4.4.0.1150.142 linux-image-virtual 4.4.0.203.209 Ubuntu 14.04 ESM: linux-image-4.4.0-1086-aws 4.4.0-1086.90 linux-image-4.4.0-203-generic 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-generic-lpae 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-lowlatency 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235~14.04.1 linux-image-aws 4.4.0.1086.83 linux-image-generic-lpae-lts-xenial 4.4.0.203.177 linux-image-generic-lts-xenial 4.4.0.203.177 linux-image-lowlatency-lts-xenial 4.4.0.203.177 linux-image-powerpc-e500mc-lts-xenial 4.4.0.203.177 linux-image-powerpc-smp-lts-xenial 4.4.0.203.177 linux-image-powerpc64-emb-lts-xenial 4.4.0.203.177 linux-image-powerpc64-smp-lts-xenial 4.4.0.203.177 linux-image-virtual-lts-xenial 4.4.0.203.177 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7) - aarch64, noarch, ppc64le 3. 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel

Trust: 2.43

sources: NVD: CVE-2020-29661 // JVNDB: JVNDB-2020-014190 // VULMON: CVE-2020-29661 // PACKETSTORM: 161609 // PACKETSTORM: 162253 // PACKETSTORM: 161837 // PACKETSTORM: 162028 // PACKETSTORM: 161551 // PACKETSTORM: 161250 // PACKETSTORM: 161823 // PACKETSTORM: 164812

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	gte	version:	4.15	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.212	Trust: 1.0
vendor:	netapp	model:	8300	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	a400	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.248	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.5	Trust: 1.0
vendor:	netapp	model:	8700	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.4.83	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	2.6.26	Trust: 1.0
vendor:	netapp	model:	a700s	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.4.248	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.5	Trust: 1.0
vendor:	broadcom	model:	fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.10	Trust: 1.0
vendor:	netapp	model:	solidfire baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.163	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.9.14	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014190 // NVD: CVE-2020-29661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29661
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29661
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-778
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-29661
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-29661
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-29661
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29661
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-29661 // JVNDB: JVNDB-2020-014190 // CNNVD: CNNVD-202012-778 // NVD: CVE-2020-29661

PROBLEMTYPE DATA

problemtype:	CWE-667	Trust: 1.0
problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8
problemtype:	improper lock (CWE-667) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014190 // NVD: CVE-2020-29661

THREAT TYPE

local

Trust: 0.8

sources: PACKETSTORM: 161551 // PACKETSTORM: 164812 // CNNVD: CNNVD-202012-778

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202012-778

PATCH

title:	Fix ->pgrp locking in tiocspgrp()	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/	Trust: 0.8
title:	Linux kernel Remediation of resource management error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=136912	Trust: 0.6
title:	Red Hat: Important: kernel-rt security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210537 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-alt security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210354 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210558 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-29661 log	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-032	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-032	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-031	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-031	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-034	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-034	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-033	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-033	Trust: 0.1
title:	IBM: Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d39f316392b1adf4ca22f6ef041af00f	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1477	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1477	Trust: 0.1
title:	Amazon Linux 2: ALAS2KERNEL-5.4-2022-019	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.4-2022-019	Trust: 0.1
title:	Debian Security Advisories: DSA-4843-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b95030247235becf9e017bec31e9d503	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1588	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1588	Trust: 0.1
title:	IBM: Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e9d6f12dfd14652e2bb7e5c28ded162b	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	https://github.com/lcatro/cve_diff_checker	url:	https://github.com/lcatro/cve_diff_checker	Trust: 0.1
title:	veracode-container-security-finding-parser	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2020-29661 // JVNDB: JVNDB-2020-014190 // CNNVD: CNNVD-202012-778

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29661	Trust: 4.1
db:	OPENWALL	id:	OSS-SECURITY/2020/12/10/1	Trust: 2.5
db:	PACKETSTORM	id:	160681	Trust: 1.7
db:	PACKETSTORM	id:	164950	Trust: 1.7
db:	ICS CERT	id:	ICSA-24-074-07	Trust: 0.8
db:	JVN	id:	JVNVU93656033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-014190	Trust: 0.8
db:	PACKETSTORM	id:	162253	Trust: 0.7
db:	PACKETSTORM	id:	161250	Trust: 0.7
db:	PACKETSTORM	id:	161823	Trust: 0.7
db:	PACKETSTORM	id:	164812	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0189	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0348	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0377	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0166	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0964	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0791	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2781	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0837	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0717	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0589	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1339	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3871	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1093	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0864	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0768	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0924	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3743	Trust: 0.6
db:	PACKETSTORM	id:	162020	Trust: 0.6
db:	PACKETSTORM	id:	162878	Trust: 0.6
db:	PACKETSTORM	id:	161607	Trust: 0.6
db:	PACKETSTORM	id:	161868	Trust: 0.6
db:	PACKETSTORM	id:	161710	Trust: 0.6
db:	PACKETSTORM	id:	161656	Trust: 0.6
db:	PACKETSTORM	id:	161556	Trust: 0.6
db:	CS-HELP	id:	SB2021042135	Trust: 0.6
db:	CS-HELP	id:	SB2021062111	Trust: 0.6
db:	CS-HELP	id:	SB2021052006	Trust: 0.6
db:	CS-HELP	id:	SB2021092209	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-778	Trust: 0.6
db:	VULMON	id:	CVE-2020-29661	Trust: 0.1
db:	PACKETSTORM	id:	161609	Trust: 0.1
db:	PACKETSTORM	id:	161837	Trust: 0.1
db:	PACKETSTORM	id:	162028	Trust: 0.1
db:	PACKETSTORM	id:	161551	Trust: 0.1

sources: VULMON: CVE-2020-29661 // JVNDB: JVNDB-2020-014190 // PACKETSTORM: 161609 // PACKETSTORM: 162253 // PACKETSTORM: 161837 // PACKETSTORM: 162028 // PACKETSTORM: 161551 // PACKETSTORM: 161250 // PACKETSTORM: 161823 // PACKETSTORM: 164812 // CNNVD: CNNVD-202012-778 // NVD: CVE-2020-29661

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2020/12/10/1	Trust: 2.5
url:	http://packetstormsecurity.com/files/160681/linux-tiocspgrp-broken-locking.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/164950/kernel-live-patch-security-notice-lsn-0082-1.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29661	Trust: 2.2
url:	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210122-0001/	Trust: 1.7
url:	https://www.debian.org/security/2021/dsa-4843	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/	Trust: 1.1
url:	https://jvn.jp/vu/jvnvu93656033/index.html	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161710/red-hat-security-advisory-2021-0763-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0837	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0717	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-3/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-use-after-free-via-tiocspgrp-34082	Trust: 0.6
url:	https://packetstormsecurity.com/files/161250/red-hat-security-advisory-2021-0354-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3871	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2781	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042135	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092209	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0189/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0377/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162878/red-hat-security-advisory-2021-2164-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1093	Trust: 0.6
url:	https://packetstormsecurity.com/files/162253/red-hat-security-advisory-2021-1288-01.html	Trust: 0.6
url:	https://source.android.com/security/bulletin/2021-05-01	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-4/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052006	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0589	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0864	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0964	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0348/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0924	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0768	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1339	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062111	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0791	Trust: 0.6
url:	https://packetstormsecurity.com/files/164812/ubuntu-security-notice-usn-5130-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161823/red-hat-security-advisory-2021-0862-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0166/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161607/red-hat-security-advisory-2021-0689-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3743	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525030	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202111-0000001218088197	Trust: 0.6
url:	https://packetstormsecurity.com/files/161556/ubuntu-security-notice-usn-4752-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161868/red-hat-security-advisory-2021-0940-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162020/red-hat-security-advisory-2021-1028-01.html	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29660	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/667.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0537	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/lcatro/cve_diff_checker	Trust: 0.1
url:	https://alas.aws.amazon.com/al2/alaslivepatch-2021-032.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-0444	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0686	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27364	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20265	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1288	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20265	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27364	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27365	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27365	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24394	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25212	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25212	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24394	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1031	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1122.136	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-203.235	Trust: 0.1
url:	https://usn.ubuntu.com/4748-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1088.97	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27815	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1146.156	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29568	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1150.160	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29374	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0354	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1749	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28374	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28374	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5130-1	Trust: 0.1

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 161609 // PACKETSTORM: 162253 // PACKETSTORM: 161837 // PACKETSTORM: 162028 // PACKETSTORM: 161250 // PACKETSTORM: 161823 // CNNVD: CNNVD-202012-778

SOURCES

db:	VULMON	id:	CVE-2020-29661
db:	JVNDB	id:	JVNDB-2020-014190
db:	PACKETSTORM	id:	161609
db:	PACKETSTORM	id:	162253
db:	PACKETSTORM	id:	161837
db:	PACKETSTORM	id:	162028
db:	PACKETSTORM	id:	161551
db:	PACKETSTORM	id:	161250
db:	PACKETSTORM	id:	161823
db:	PACKETSTORM	id:	164812
db:	CNNVD	id:	CNNVD-202012-778
db:	NVD	id:	CVE-2020-29661

LAST UPDATE DATE

2024-11-20T20:13:49.741000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-29661	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-014190	date:	2024-03-22T07:18:00
db:	CNNVD	id:	CNNVD-202012-778	date:	2023-01-18T00:00:00
db:	NVD	id:	CVE-2020-29661	date:	2023-11-07T03:21:33.210

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-29661	date:	2020-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-014190	date:	2021-08-05T00:00:00
db:	PACKETSTORM	id:	161609	date:	2021-03-02T16:26:19
db:	PACKETSTORM	id:	162253	date:	2021-04-20T16:31:47
db:	PACKETSTORM	id:	161837	date:	2021-03-17T14:26:23
db:	PACKETSTORM	id:	162028	date:	2021-03-30T14:30:08
db:	PACKETSTORM	id:	161551	date:	2021-02-25T15:30:28
db:	PACKETSTORM	id:	161250	date:	2021-02-02T16:11:22
db:	PACKETSTORM	id:	161823	date:	2021-03-17T14:09:30
db:	PACKETSTORM	id:	164812	date:	2021-11-09T16:59:39
db:	CNNVD	id:	CNNVD-202012-778	date:	2020-12-09T00:00:00
db:	NVD	id:	CVE-2020-29661	date:	2020-12-09T17:15:31.807