exploitDog

CVE-2020-29569

Опубликовано: 15 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

Ссылки

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-30
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210205-0001/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4843
Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-350.html
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-30
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210205-0001/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4843
Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-350.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Версия до 4.14.1 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.1.44 (включая) до 4.2 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.4.80 (включая) до 4.4.254 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.9.36 (включая) до 4.9.249 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.11.9 (включая) до 4.12 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.12 (включая) до 4.14.213 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.164 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.86 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.4 (исключая)

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00173

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2020-29569

CVSS3: 8.8

ubuntu

больше 4 лет назад

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

CVE-2020-29569

CVSS3: 8.8

msrc

больше 4 лет назад

Описание отсутствует

CVE-2020-29569

CVSS3: 8.8

debian

больше 4 лет назад

An issue was discovered in the Linux kernel through 5.10.1, as used wi ...

GHSA-6676-52pp-h5fg

CVSS3: 8.8

github

около 3 лет назад

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

BDU:2021-00014

CVSS3: 8.8

fstec

больше 4 лет назад

Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 39%

0.00173

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416