PT-2020-1262 · Linux+8 · Linux Kernel+8

Published

2020-12-04

·

Updated

2024-06-15

·

CVE-2020-29661

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.9.13
Description The issue is related to a locking problem in the tty subsystem of the Linux kernel, which allows a use-after-free attack against TIOCSPGRP. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The vulnerability is associated with the drivers/tty/tty jobctrl.c component and involves a race condition that can be exploited to gain unauthorized access.
Recommendations For Linux kernel versions prior to 5.9.13, update to a version 5.9.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable TIOCSPGRP ioctl handler in the tty subsystem until a patch is available. Avoid using the TIOCSPGRP ioctl handler in the affected API endpoint until the issue is resolved.

Exploit

Fix

Improper Locking

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-416

Related Identifiers

ALSA-2021:0558
ALT-PU-2020-3509
ALT-PU-2020-3535
ALT-PU-2020-3536
ALT-PU-2020-3553
ALT-PU-2020-3556
ALT-PU-2020-3570
ALT-PU-2021-1083
ALT-PU-2021-1093
ALT-PU-2021-1105
ALT-PU-2021-1128
ALT-PU-2021-1141
ALT-PU-2021-1211
ALT-PU-2021-1531
ALT-PU-2021-1840
ALT-PU-2021-3430
ASB-A-175451802
BDU:2021-00005
CESA-2021_0537
CESA-2021_0558
CESA-2021_0856
CVE-2020-29661
DLA-2557-1
DLA-2586-1
DSA-4843-1
LSN-0082-1
MGASA-2021-0030
MGASA-2021-0031
OESA-2021-1003
OPENSUSE-SU-2021:0060-1
OPENSUSE-SU-2021:0075-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0060-1
OPENSUSE-SU-2021_0075-1
OPENSUSE-SU-2021_0242-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2021:0354
RHSA-2021:0537
RHSA-2021:0558
RHSA-2021:0686
RHSA-2021:0689
RHSA-2021:0763
RHSA-2021:0765
RHSA-2021:0774
RHSA-2021:0856
RHSA-2021:0857
RHSA-2021:0862
RHSA-2021:0878
RHSA-2021:0940
RHSA-2021:1028
RHSA-2021:1031
RHSA-2021:1288
RHSA-2021:2164
RHSA-2021_0537
RHSA-2021_0558
RHSA-2021_0856
RHSA-2021_0857
RHSA-2021_1288
SUSE-RU-2021:14663-1
SUSE-SU-2021:0094-1
SUSE-SU-2021:0095-1
SUSE-SU-2021:0096-1
SUSE-SU-2021:0097-1
SUSE-SU-2021:0098-1
SUSE-SU-2021:0108-1
SUSE-SU-2021:0117-1
SUSE-SU-2021:0118-1
SUSE-SU-2021:0133-1
SUSE-SU-2021:0362-1
SUSE-SU-2021:0367-1
SUSE-SU-2021:0377-1
SUSE-SU-2021:0408-1
SUSE-SU-2021:0434-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:0438-1
SUSE-SU-2021:0452-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_14630-1
USN-4748-1
USN-4749-1
USN-4750-1
USN-4751-1
USN-4752-1
USN-5130-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu