CVE-2020-14416 — Race Condition in Kernel

CWE-362 — Race Condition CWE-416 — Use After Free9 documents8 sources

Severity

4.2MEDIUMNVD

OSV5.5

EPSS

0.1%

top 74.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Opensuse Leap

Timeline

PublishedJun 18

Latest updateMay 24

Description

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:HExploitability: 0.6 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel< 5.4.16

▶Debianlinux/linux_kernel< 5.4.19-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-184.214+2

▶NVDopensuse/leap15.1, 15.2+1

Patches

Patch: bugzilla.suse.com ↗Patch: git.kernel.org ↗Patch: bugzilla.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-whm7-h297-5ccm: In the Linux kernel before 5↗2022-05-24

▶

OSV

Kernel Live Patch Security Notice↗2020-07-27

▶

CVEList

CVE-2020-14416: In the Linux kernel before 5↗2020-06-18

▶

OSV

CVE-2020-14416: In the Linux kernel before 5↗2020-06-18

▶

📋Vendor Advisories

Ubuntu

Kernel Live Patch Security Notice↗2020-07-27

▶

Red Hat

kernel: slcan : race over tty->disc_data can lead use-after-free↗2020-06-18

▶

Debian

CVE-2020-14416: linux - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling i...↗2020

▶

💬Community

Bugzilla

CVE-2020-14416 kernel: slcan : race over tty->disc_data can lead use-after-free↗2020-06-23

▶