PT-2020-3177 · Linuxtv+2 · Xawtv+2
Matthias Gerstner · Published 2020-05-16 · Updated 2024-06-15 · CVE-2020-13696
CVSS v3.1: 4.4 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LinuxTV xawtv versions prior to 3.107
Description
The issue is related to insufficient checks in the dev_open() function, allowing a local attacker to test for the existence of arbitrary files and trigger an open on arbitrary files with mode O_RDWR. This can be achieved by adding relative path components to the device path. The vulnerability may allow an attacker to gain unauthorized access to protected information.
Recommendations
For LinuxTV xawtv versions prior to 3.107, consider updating to version 3.107 or later to resolve the issue. As a temporary workaround, restrict access to the v4l-conf setuid-root program to minimize the risk of exploitation. Avoid using relative path components in the device path to prevent unintended filesystem access.
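The class of check described above, as an added example that is not xawtv's code or its actual patch: a textual prefix test on the device path beside a hardened open that canonicalizes the path first and verifies the opened object. The names prefix_only_ok and safe_dev_open, and the choice of /dev/ as the allowed directory, are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* realpath(), O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak check (illustrative): a textual prefix test passes any path that
 * merely starts with "/dev/", because ".." is only resolved at open(). */
int prefix_only_ok(const char *path)
{
    return strncmp(path, "/dev/", 5) == 0;
}

/* Hardened open (hypothetical helper): canonicalize, check the resolved
 * path, then confirm on the descriptor that it is a character device.
 * Returns an fd >= 0, or -1 with errno set. */
int safe_dev_open(const char *path)
{
    char resolved[PATH_MAX];
    struct stat st;
    int fd;

    /* Same errno for "does not exist" and "resolves outside /dev", so the
     * caller cannot use the error to probe for files elsewhere. */
    if (realpath(path, resolved) == NULL ||
        strncmp(resolved, "/dev/", 5) != 0) {
        errno = EACCES;
        return -1;
    }
    /* O_NOFOLLOW: refuse a final component swapped for a symlink after the check. */
    fd = open(resolved, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;   /* inside /dev but not a character device */
        return -1;
    }
    return fd;
}
```

In a setuid-root binary, the open can additionally be performed after switching the effective UID back to the real UID, so the kernel applies the caller's own file permissions.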
Fix
Incorrect Authorization
Incorrect Permission
Related Identifiers
Affected Products
Suse
Ubuntu
Xawtv