PT-2020-1263 · Linux+8 · Linux Kernel+8

Jann Horn

·

Published

2020-12-04

·

Updated

2024-06-15

·

CVE-2020-29660

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.9.13
Description A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel. The drivers/tty/tty io.c and drivers/tty/tty jobctrl.c files may allow a read-after-free attack against TIOCGSID. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations For Linux kernel versions prior to 5.9.13, update to a version 5.9.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components, such as the tty subsystem, to minimize the risk of exploitation. Avoid using the TIOCGSID functionality in the affected API endpoints until the issue is resolved. At the moment, there is no other information about additional mitigation measures.

Exploit

Fix

Improper Locking

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-416

Related Identifiers

ALSA-2021:4356
ALT-PU-2020-3536
ALT-PU-2020-3553
ALT-PU-2020-3556
ALT-PU-2020-3570
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
ASB-A-175451844
BDU:2021-00006
CESA-2021_4140
CESA-2021_4356
CVE-2020-29660
DLA-2557-1
DLA-2586-1
DSA-4843-1
LSN-0082-1
MGASA-2021-0030
MGASA-2021-0031
OESA-2021-1003
OPENSUSE-SU-2021:0060-1
OPENSUSE-SU-2021:0075-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0060-1
OPENSUSE-SU-2021_0075-1
OPENSUSE-SU-2021_0242-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021_4140
RHSA-2021_4356
SUSE-RU-2021:14663-1
SUSE-SU-2021:0094-1
SUSE-SU-2021:0095-1
SUSE-SU-2021:0096-1
SUSE-SU-2021:0097-1
SUSE-SU-2021:0098-1
SUSE-SU-2021:0108-1
SUSE-SU-2021:0117-1
SUSE-SU-2021:0118-1
SUSE-SU-2021:0133-1
SUSE-SU-2021:0362-1
SUSE-SU-2021:0367-1
SUSE-SU-2021:0377-1
SUSE-SU-2021:0408-1
SUSE-SU-2021:0434-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:0438-1
SUSE-SU-2021:0452-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_14630-1
USN-4748-1
USN-4749-1
USN-4750-1
USN-4751-1
USN-4752-1
USN-5130-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu