Ubuntu.comUB:CVE-2020-29372CVE-2020-29372
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
29.3%
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel
before 5.6.8. There is a race condition between coredump operations and the
IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | linux-oem-5.6 | < 5.6.0-1010.10 | UNKNOWN |
References
bugs.chromium.org/p/project-zero/issues/detail?id=2029
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8
git.kernel.org/linus/bc0c4d1e176eeb614dc8734fc3ace34292771f11
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0c4d1e176eeb614dc8734fc3ace34292771f11
launchpad.net/bugs/cve/CVE-2020-29372
nvd.nist.gov/vuln/detail/CVE-2020-29372
security-tracker.debian.org/tracker/CVE-2020-29372
www.cve.org/CVERecord?id=CVE-2020-29372
Related
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
29.3%