PT-2020-5067 · Linux+8 · Linux Kernel+8

Ilya Dryomov

·

Published

2020-09-07

·

Updated

2022-04-28

·

CVE-2020-25284

CVSS v3.1

4.1

Medium

VectorAV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.8.9
Description The issue is related to incomplete permission checking for access to rbd devices in the Linux kernel, which could be exploited by local attackers to map or unmap rbd block devices, potentially allowing privilege escalation.
Recommendations For Linux kernel versions through 5.8.9, update to a version that includes the necessary permission checks for rbd devices to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-732

Related Identifiers

ALSA-2021:1578
ALT-PU-2020-2827
ALT-PU-2020-2888
ALT-PU-2020-3210
ALT-PU-2020-3553
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-05656
CESA-2021_1578
CESA-2021_1739
CVE-2020-25284
DLA-2385-1
DLA-2420-1
DLA-2420-2
MGASA-2020-0392
OPENSUSE-SU-2020:1586-1
OPENSUSE-SU-2020:1655-1
OPENSUSE-SU-2020_1586-1
OPENSUSE-SU-2020_1655-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2021:1578
RHSA-2021:1739
RHSA-2021_1578
RHSA-2021_1739
SUSE-SU-2020:2879-1
SUSE-SU-2020:2904-1
SUSE-SU-2020:2905-1
SUSE-SU-2020:2906-1
SUSE-SU-2020:2907-1
SUSE-SU-2020:2908-1
SUSE-SU-2020:2999-1
SUSE-SU-2020:3014-1
SUSE-SU-2020:3501-1
SUSE-SU-2020:3503-1
SUSE-SU-2020:3532-1
SUSE-SU-2020:3544-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_14630-1
USN-4657-1
USN-4658-1
USN-4658-2
USN-4660-1
USN-4660-2
USN-4752-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu