Bug 1908249 (CVE-2021-20200)
Summary: | CVE-2021-20200 kernel: close race between munmap() and expand_upwards()/downwards() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, aquini, asavkov, bhu, blc, bmasney, brdeoliv, bskeggs, carnil, chwhite, dhoward, dramseur, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, itamar, jarodwilson, jeremy, jforbes, jglisse, jhunter, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kmitts, kpatch-maint, lgoncalv, linville, masami256, mchehab, mcressma, mgala, mjudeiki, mlangsdo, nmurray, ptalbert, qzhao, rhandlin, rkeshri, rt-maint, rvrbovsk, security-response-team, steved, walters, williams, ycote |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A flaw was found in the Linux kernel. A race condition in mm/mmap.c in VMA access could allow a local attacker with user privileges to crash the system or lead to information leakage. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
Last Closed: | 2021-02-20 15:18:18 UTC | Type: | --- |
Bug Depends On: | 1923527, 1923528, 1923529, 1923530, 1923604, 1927204, 1927205, 1927206, 1927207, 1927208, 1927213, 1927214, 1927215, 1927216, 1927217, 1927218, 1927219, 1927220, 1927221, 1927222, 1927223, 1927224, 1927225, 1927226, 1927228, 1927229, 1927300, 1927308, 1929970 | ||
Bug Blocks: | 1878928, 1921679 |
Description
Dhananjay Arunesh
2020-12-16 08:22:10 UTC
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Hi

The CVE-2021-20200 is a duplicate AFAICS from an already assigned CVE-2020-29369.

See https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 where it was assigned.

Regards,
Salvatore

For reference see as well: https://bugzilla.redhat.com/show_bug.cgi?id=1903262

In reply to comment #13:
> Hi
>
> The CVE-2021-20200 is a duplicate AFAICS from an already assigned
> CVE-2020-29369.
>
> See https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 where it
> was assigned.
>
> Regards,
> Salvatore

Hello Salvatore, thank you for this information. After reviewing the source, it has come to our attention that this is a duplicate of CVE-2020-29369 which is already there, and we are revoking this.

Regards,
Rohit

Statement: Red Hat Product Security does not consider this to be a vulnerability.