PT-2020-3493 · Linux+5 · Linux Kernel+5

Al Viro · Published 2020-04-21 · Updated 2023-10-12 · CVE-2020-11884

CVSS v3.1 7.0 High

Vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 4.19 through 5.6.7

Description

The issue is related to a race condition in the Linux kernel, specifically in the enable_sacf_uaccess function, which can lead to code execution. This occurs because the function fails to protect against a concurrent page table upgrade. A crash could also occur as a result of this issue. The problem is associated with errors in executing multithreaded tasks.

Recommendations

For Linux kernel versions 4.19 through 5.6.7, consider disabling the enable_sacf_uaccess function as a temporary workaround until a patch is available. Restrict access to the arch/s390/lib/uaccess.c module to minimize the risk of exploitation. Avoid using the enable_sacf_uaccess function in multithreaded tasks until the issue is resolved.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1896
ALT-PU-2020-1913
ALT-PU-2020-1917
ALT-PU-2020-1928
ALT-PU-2020-1929
ALT-PU-2020-1930
ALT-PU-2020-1945
ALT-PU-2020-2153
ALT-PU-2020-2156
ALT-PU-2020-2164
ALT-PU-2020-3057
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1745
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-03819
CESA-2020_2102
CVE-2020-11884
DSA-4667-1
RHSA-2020:2102
RHSA-2020:2199
RHSA-2020:2429
RHSA-2020_2102
USN-4342-1
USN-4343-1
USN-4345-1

Affected Products

Alt Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Ubuntu