Lucene search

K
osvGoogleOSV:USN-5130-1
HistoryNov 09, 2021 - 3:20 a.m.

linux vulnerabilities

2021-11-0903:20:29
Google
osv.dev
5

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.9%

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)