CVSS3: 6.4 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.4 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low (Percentile: 13.3%)

Linux kernel versions before 5.5 contain a use-after-free caused by a race
condition between the release of ptp_clock and cdev during resource
deallocation. The race occurs when a (high-privileged) process allocates a
ptp device file (such as /dev/ptpX) and voluntarily goes to sleep. If the
underlying device is removed during this time, an exploitable condition can
arise when the process wakes up to terminate and clean up all attached files.
The system crashes because the cdev structure pointed to by the inode is
invalid (it has already been freed).

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-88.88 | UNKNOWN |
ubuntu | 19.10 | noarch | linux | < 5.3.0-40.32 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-185.215 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1060.62 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-aws | < 5.3.0-1011.12 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1074.78 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1110.121 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1060.62~16.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-azure | < 5.3.0-1013.14 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1071.76 | UNKNOWN |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690
launchpad.net/bugs/cve/CVE-2020-10690
lore.kernel.org/linux-fsdevel/[email protected]/T/#u
nvd.nist.gov/vuln/detail/CVE-2020-10690
security-tracker.debian.org/tracker/CVE-2020-10690
ubuntu.com/security/notices/USN-4419-1
www.cve.org/CVERecord?id=CVE-2020-10690