Vulnerability CVE-2020-29369

Vulnerability Name:

CVE-2020-29369 (CCN-188239)

Assigned:

2020-06-30

Published:

2020-06-30

Updated:

2021-02-24

Summary:

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.

CVSS v3 Severity:

7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-362

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-29369

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=2056

Source: CCN
Type: Google Security Research Issue 2056
Linux 4.20: expand_downwards() can race with munmap() page table freeing

Source: MISC
Type: Release Notes, Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11

Source: XF
Type: UNKNOWN
linux-kernel-munmap-dos(188239)

Source: CCN
Type: Linux Kernel GIT Repository
mm/mmap.c: close race between munmap() and expand_upwards()/downwards()

Source: MISC
Type: Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c

Source: CCN
Type: Packet Storm Security [09-14-2020]
Linux expand_downwards() / munmap() Race Condition

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210115-0001/

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 5.7.11)

Configuration 2:

cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

OR cpe:/h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:5.4:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.6.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:665	P	Security update for samba (Moderate)	2022-08-03
oval:org.opensuse.security:def:94470	P	(Important)	2022-07-14
oval:org.opensuse.security:def:95028	P	kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3453	P	kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3358	P	vorbis-tools-1.4.0-1.53 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94870	P	buildah-1.23.1-150400.1.17 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95078	P	reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2960	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3567	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95151	P	rsyslog-module-gssapi-8.2106.0-150400.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95083	P	kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3398	P	kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94590	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95156	P	spice-gtk-devel-0.39-150400.2.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95197	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3448	P	reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:89	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:101583	P	Security update for libsolv, libzypp, zypper (Important)	2022-04-12
oval:org.opensuse.security:def:102280	P	Security update for php7 (Moderate)	2022-03-03
oval:org.opensuse.security:def:101864	P	Security update for netcdf (Important)	2021-12-02
oval:org.opensuse.security:def:102336	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:102335	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:96739	P	patch-2.7.6-3.5 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96750	P	procmail-3.22-2.34 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96757	P	python3-paramiko-2.4.2-4.23 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2036	P	kernel-azure-5.3.18-36.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63102	P	reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2013	P	reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63125	P	kernel-azure-5.3.18-36.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62107	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101183	P	libcairo2-32bit-1.16.0-1.55 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1018	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100865	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63019	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71848	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1930	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101277	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72738	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101869	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-17
oval:org.opensuse.security:def:111206	P	Security update for RT kernel (Moderate)	2021-02-05
oval:org.opensuse.security:def:97173	P	Recommended update for RT kernel (Low)	2021-02-04
oval:org.opensuse.security:def:95623	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-16
oval:org.opensuse.security:def:109002	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-16
oval:org.opensuse.security:def:68146	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-16
oval:org.opensuse.security:def:7057	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-16
oval:org.opensuse.security:def:110918	P	Security update for the Linux Kernel (Important)	2020-12-15
oval:org.opensuse.security:def:95953	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:109332	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:102666	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:68790	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:7701	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:66697	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:107849	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:10631	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:5608	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:95567	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:108946	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:64447	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:74618	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:67529	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:108249	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:6440	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:95622	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:109001	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:65550	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:96162	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:4461	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:109518	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:68145	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:102852	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:7056	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:70771	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:75765	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:8352	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:96293	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:109631	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:108535	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:102965	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:73569	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:109273	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:102607	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:68651	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:7562	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:75760	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:108530	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:66692	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:5603	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:95894	P	Security update for the Linux Kernel (Important)	2020-12-08
oval:org.opensuse.security:def:110901	P	Security update for the Linux Kernel (Important)	2020-12-04

BACK