CVE-2020-29661
Summary
| CVE | CVE-2020-29661 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-09 17:15:00 UTC |
| Updated | 2023-11-07 03:21:00 UTC |
| Description | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. |
Risk And Classification
Problem Types: CWE-416 | CWE-667
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Broadcom | Fabric Operating System | - | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Hardware | Netapp | 8300 | - | All | All | All |
| Operating System | Netapp | 8300 Firmware | - | All | All | All |
| Hardware | Netapp | 8700 | - | All | All | All |
| Operating System | Netapp | 8700 Firmware | - | All | All | All |
| Hardware | Netapp | A400 | - | All | All | All |
| Operating System | Netapp | A400 Firmware | - | All | All | All |
| Hardware | Netapp | A700s | - | All | All | All |
| Operating System | Netapp | A700s Firmware | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Hardware | Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware | Netapp | Solidfire Baseboard Management Controller | - | All | All | All |
| Operating System | Netapp | Solidfire Baseboard Management Controller Firmware | - | All | All | All |
| Application | Oracle | Tekelec Platform Distribution | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 32 Update: kernel-5.9.14-100.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] [DLA 2557-1] linux-4.19 security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 2586-1] linux security update | MLIST | lists.debian.org | |
| Kernel Live Patch Security Notice LSN-0082-1 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| [SECURITY] Fedora 32 Update: kernel-5.9.14-100.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| oss-security - 2 kernel issues | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| Debian -- Security Information -- DSA-4843-1 linux | DEBIAN | www.debian.org | |
| December 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | Patch, Vendor Advisory |
| [SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Linux TIOCSPGRP Broken Locking ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159173 Oracle Enterprise Linux Security Update for kernel (ELSA-2021-9212)
- 239151 Red Hat Update for kernel (RHSA-2021:0856)
- 239164 Red Hat Update for kpatch-patch (RHSA-2021:0940)
- 239174 Red Hat Update for kpatch-patch (RHSA-2021:0862)
- 239180 Red Hat Update for kpatch-patch (RHSA-2021:1031)
- 239182 Red Hat Update for kernel (RHSA-2021:1028)
- 239237 Red Hat Update for kernel (RHSA-2021:1288)
- 239456 Red Hat Update for kernel-rt (RHSA-2021:0774)
- 257070 CentOS Security Update for kernel (CESA-2021:0856)
- 352334 Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-034
- 352335 Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-033
- 352336 Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-032
- 352337 Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-031
- 353100 Amazon Linux Security Advisory for kernel : ALAC2012-2021-024
- 353101 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-025
- 353102 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-026
- 353132 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-019
- 375284 EulerOS Security Update for kernel (EulerOS-SA-2021-1311)
- 377055 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2021:0027)
- 610338 Google Android Devices May 2021 Security Patch Missing
- 6140025 AWS Bottlerocket Security Update for kernel (GHSA-qh7g-9fpv-vpv5)
- 6140284 AWS Bottlerocket Security Update for kernel (GHSA-qh7g-9fpv-vpv5)
- 670185 EulerOS Security Update for kernel (EulerOS-SA-2021-1684)
- 750376 OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)
- 750428 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0075-1)
- 750434 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0060-1)
- 900040 CBL-Mariner Linux Security Update for kernel 5.4.91
- 902937 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3659)
- 905978 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3659-1)
- 940408 AlmaLinux Security Update for kernel (ALSA-2021:0558)