Vulnerability Name: CVE-2020-9391 (CCN-176767)

Assigned: 2020-02-25
Published: 2020-02-25
Updated: 2022-04-18
Summary: An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-787
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2020-9391

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[oss-security] 20200225 CVE-2020-9391: Ignoring the top byte of addresses in brk causes heap corruption (AArch64)

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1797052

Source: XF
Type: UNKNOWN
linux-kernel-cve20209391-dos(176767)

Source: CCN
Type: Linux Kernel GIT Repository
mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()

Source: MISC
Type: Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-3cd64d683c

Source: CCN
Type: oss-sec Mailing List, Tue, 25 Feb 2020 19:04:01 +0100
CVE-2020-9391: Ignoring the top byte of addresses in brk causes heap corruption (AArch64)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200313-0003/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-9391

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/o:linux:linux_kernel:5.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.5 and <= 5.5.6)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  • OR cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:data_availability_services:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h410c:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.5:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.5.6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.bionic:def:202093910000000 | V | CVE-2020-9391 on Ubuntu 18.04 LTS (bionic) - medium. | 2020-02-25
oval:com.ubuntu.xenial:def:202093910000000 | V | CVE-2020-9391 on Ubuntu 16.04 LTS (xenial) - medium. | 2020-02-25