Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-29371
HistoryNov 28, 2020 - 12:00 a.m.

CVE-2020-29371

2020-11-2800:00:00
ubuntu.com
ubuntu.com
13

0.001 Low

EPSS

Percentile

26.3%

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the
Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka
CID-bcf85fcedfdd.

Notes

Author Note
sbeattie according to Jann Horn’s post, the sample exploit does not work at least in 20.04/focal due to heap zeroing being enabled. The concern about udisks2 is real, however.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-121.123UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-51.56UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-193.224UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1086.91UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1028.29UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1081.85) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1117.131UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1028.29~18.04.1UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1085.90~16.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1031.32UNKNOWN
Rows per page:
1-10 of 451