Main Vulnerability Database SB2020050519

SB2020050519 - Race condition in Linux kernel

Published: May 5, 2020 Updated: May 21, 2020

Security Bulletin ID SB2020050519

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2020-12652)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the "__mptctl_ioctl" function in "drivers/message/fusion/mptctl.c" file. A local administrator can hold an incorrect lock during the ioctl operation, trigger the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b
https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b