Bug 1918258 (CVE-2020-12658)

Summary: CVE-2020-12658 gssproxy: not unlocking cond_mutex before pthread exit in gp_worker_main() in gp_workers.c
Product: [Other] Security Response
Component: vulnerability
Status: CLOSED NOTABUG
Severity: high
Priority: high
Version: unspecified
Hardware: All
OS: Linux
Keywords: Security
Reporter: Marian Rehak <mrehak>
Assignee: Red Hat Product Security <security-response-team>
CC: abokovoy, gdeschner, lnacshon, rharwood, ssorce
Last Closed: 2021-05-24 07:05:06 UTC
Bug Depends On: 1918259, 1918315, 1918316
Bug Blocks: 1918260

Description Marian Rehak 2021-01-20 10:51:40 UTC
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.

Reference:

https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003
https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3

Comment 1 Marian Rehak 2021-01-20 10:52:05 UTC
Created gssproxy tracking bugs for this issue:

Affects: fedora-all [bug 1918259]

Comment 3 Robbie Harwood 2021-01-20 15:12:00 UTC
Hi, we (gssproxy upstream) do not believe this is a CVE and MITRE has marked it as disputed, per our request: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12658

Please do not create trackers that we have to close.

Comment 7 lnacshon 2021-01-25 08:48:44 UTC
Hey @tcullum, I agree with the discussion @rharwood, this was my understanding as well

Comment 10 Todd Cullum 2021-01-25 19:41:43 UTC
Statement:

Red Hat Product Security does not view this as a security vulnerability because no service will be denied since the bug is triggered on an exit path of the program, which means that the program would already be stopping service and thus a malicious attacker would gain no impact to availability by triggering the bug.
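
The pattern named in the description, as an added C illustration that is not gssproxy source and not part of this bug record: a worker wakes from `pthread_cond_wait()` holding `cond_mutex` and calls `pthread_exit()`, once without unlocking and once with the unlock in place. The struct, the `unlock_on_exit` switch and the function names are hypothetical, chosen only to show the lock state after the thread has exited.

```c
/* Added illustration; hypothetical names, not taken from gp_workers.c. */
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

struct worker {
    pthread_mutex_t cond_mutex;
    pthread_cond_t cond_wakeup;
    bool shutdown;
    bool unlock_on_exit;   /* false = pattern in the report, true = corrected */
};

static void *worker_main(void *arg)
{
    struct worker *w = arg;
    pthread_mutex_lock(&w->cond_mutex);
    while (!w->shutdown)
        pthread_cond_wait(&w->cond_wakeup, &w->cond_mutex);
    /* Exit path: pthread_cond_wait() re-acquires cond_mutex before returning,
     * so the thread owns the lock here. */
    if (w->unlock_on_exit)
        pthread_mutex_unlock(&w->cond_mutex);
    pthread_exit(NULL);
}

/* Returns 0 if cond_mutex is free after the worker exits, EBUSY if still held. */
static int mutex_state_after_exit(bool unlock_on_exit)
{
    struct worker w = { .shutdown = false, .unlock_on_exit = unlock_on_exit };
    pthread_t tid; int rc;
    pthread_mutex_init(&w.cond_mutex, NULL);
    pthread_cond_init(&w.cond_wakeup, NULL);
    pthread_create(&tid, NULL, worker_main, &w);
    pthread_mutex_lock(&w.cond_mutex);        /* request shutdown */
    w.shutdown = true;
    pthread_cond_signal(&w.cond_wakeup);
    pthread_mutex_unlock(&w.cond_mutex);
    pthread_join(tid, NULL);                  /* worker has exited */
    rc = pthread_mutex_trylock(&w.cond_mutex);
    if (rc == 0)
        pthread_mutex_unlock(&w.cond_mutex);
    return rc;
}

int main(void)
{
    printf("without unlock: %d, with unlock: %d (EBUSY is %d)\n",
           mutex_state_after_exit(false), mutex_state_after_exit(true), EBUSY);
}
```

A blocking `pthread_mutex_lock()` on the leaked mutex would wait indefinitely, which matters only if some thread still takes that lock after the worker has gone.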