CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Metric | Value |
---|---|
Percentile | 36.5% |

DISPUTED: snd_ctl_elem_add in sound/core/control.c in the Linux kernel
through 5.6.3 has a count=info->owner line, which later affects a
private_size*count multiplication for unspecified “interesting side
effects.” NOTE: kernel engineers dispute this finding, because it could be
relevant only if new callers were added that were unfamiliar with the
misuse of the info->owner field to represent data unrelated to the “owner”
concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and
SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner
field in a safe way.
Author | Note |
---|---|
cascardo | This issue is disputed by upstream; info->owner is used intentionally for that specific API. There is nothing to fix here. |
github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474
launchpad.net/bugs/cve/CVE-2020-11725
lore.kernel.org/alsa-devel/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2020-11725
security-tracker.debian.org/tracker/CVE-2020-11725
twitter.com/yabbadabbadrew/status/1248632267028582400
www.cve.org/CVERecord?id=CVE-2020-11725