CVE-2020-29534 — Incorrect Privilege Assignment in Kernel

CWE-266 — Incorrect Privilege Assignment8 documents7 sources

Severity

7.8HIGHNVD

OSV5.5

EPSS

0.0%

top 87.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc CM1 Kernel 5.4.91-1 ON CBL Mariner 1.0

Timeline

PublishedDec 3

Latest updateMay 24

Description

An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel5.1 — 5.8.18+2

▶Debianlinux/linux_kernel< 5.9.6-1+3

▶debiandebian/linux< linux 5.9.6-1 (bookworm)

▶msrcmsrc/cm1_kernel_5.4.91-1_on_cbl_mariner_1.0

Patches

Patch: bugs.chromium.org ↗Patch: cdn.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-6pj8-q9pf-wvp7: An issue was discovered in the Linux kernel before 5↗2022-05-24

▶

OSV

linux, linux-hwe-5.8, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-01-06

▶

OSV

CVE-2020-29534: An issue was discovered in the Linux kernel before 5↗2020-12-03

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2021-01-06

▶

Microsoft

An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request causing execve() to incorrectly optimize↗2020-12-08

▶

Red Hat

kernel: io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd() allowing for privileges escalation↗2020-12-03

▶

Debian

CVE-2020-29534: linux - An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-r...↗2020

▶