Bug 1906525 (CVE-2020-29661) - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a use-after-free
Status: CLOSED ERRATA
Alias: CVE-2020-29661
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1906526 1908191 1908192 1908193 1908194 1908195 1908196 1908197 1908198 1908199 1908200 1908201 1908202 1908203 1908204 1908205 1908206 1908207 1908208 1908209 1908210 1908241 1908242 1908243 1908244 1908245 1908246 1935468 1948465
Blocks: 1906527
Reported: 2020-12-10 17:42 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-06-01 08:45 UTC

Doc Text:
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Last Closed: 2021-02-02 14:42:03 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2021:0354 | 0 | None | None | None | 2021-02-02 10:11:45 UTC
Red Hat Product Errata | RHSA-2021:0537 | 0 | None | None | None | 2021-02-16 14:25:43 UTC
Red Hat Product Errata | RHSA-2021:0558 | 0 | None | None | None | 2021-02-16 14:38:20 UTC
Red Hat Product Errata | RHSA-2021:0686 | 0 | None | None | None | 2021-03-02 10:42:12 UTC
Red Hat Product Errata | RHSA-2021:0689 | 0 | None | None | None | 2021-03-02 10:43:40 UTC
Red Hat Product Errata | RHSA-2021:0763 | 0 | None | None | None | 2021-03-09 09:35:03 UTC
Red Hat Product Errata | RHSA-2021:0765 | 0 | None | None | None | 2021-03-09 11:10:08 UTC
Red Hat Product Errata | RHSA-2021:0774 | 0 | None | None | None | 2021-03-09 10:22:57 UTC
Red Hat Product Errata | RHSA-2021:0856 | 0 | None | None | None | 2021-03-16 13:51:28 UTC
Red Hat Product Errata | RHSA-2021:0857 | 0 | None | None | None | 2021-03-16 13:52:20 UTC
Red Hat Product Errata | RHSA-2021:0862 | 0 | None | None | None | 2021-03-16 13:54:41 UTC
Red Hat Product Errata | RHSA-2021:0878 | 0 | None | None | None | 2021-03-16 14:53:45 UTC
Red Hat Product Errata | RHSA-2021:0940 | 0 | None | None | None | 2021-03-18 16:45:29 UTC

Description Guilherme de Almeida Suckevicz 2020-12-10 17:42:01 UTC
A locking issue was discovered in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c which could allow an attacker with a local account to possibly corrupt memory or escalate privileges. 

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc

Comment 1 Guilherme de Almeida Suckevicz 2020-12-10 17:42:39 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1906526]

Comment 6 Petr Matousek 2020-12-15 15:55:31 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 11 errata-xmlrpc 2021-02-02 10:11:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0354 https://access.redhat.com/errata/RHSA-2021:0354

Comment 12 Product Security DevOps Team 2021-02-02 14:42:03 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-29661

Comment 13 errata-xmlrpc 2021-02-16 14:25:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0537 https://access.redhat.com/errata/RHSA-2021:0537

Comment 14 errata-xmlrpc 2021-02-16 14:38:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0558 https://access.redhat.com/errata/RHSA-2021:0558

Comment 15 errata-xmlrpc 2021-03-02 10:42:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0686 https://access.redhat.com/errata/RHSA-2021:0686

Comment 16 errata-xmlrpc 2021-03-02 10:43:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0689 https://access.redhat.com/errata/RHSA-2021:0689

Comment 20 errata-xmlrpc 2021-03-09 09:34:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0763 https://access.redhat.com/errata/RHSA-2021:0763

Comment 21 errata-xmlrpc 2021-03-09 10:22:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0774 https://access.redhat.com/errata/RHSA-2021:0774

Comment 22 errata-xmlrpc 2021-03-09 11:09:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0765 https://access.redhat.com/errata/RHSA-2021:0765

Comment 23 errata-xmlrpc 2021-03-16 13:51:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0856 https://access.redhat.com/errata/RHSA-2021:0856

Comment 24 errata-xmlrpc 2021-03-16 13:52:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0857 https://access.redhat.com/errata/RHSA-2021:0857

Comment 25 errata-xmlrpc 2021-03-16 13:54:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0862 https://access.redhat.com/errata/RHSA-2021:0862

Comment 26 errata-xmlrpc 2021-03-16 14:53:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0878 https://access.redhat.com/errata/RHSA-2021:0878

Comment 28 errata-xmlrpc 2021-03-18 16:45:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0940 https://access.redhat.com/errata/RHSA-2021:0940

Comment 29 errata-xmlrpc 2021-03-30 09:28:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:1028 https://access.redhat.com/errata/RHSA-2021:1028

Comment 30 errata-xmlrpc 2021-03-30 09:29:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:1031 https://access.redhat.com/errata/RHSA-2021:1031

Comment 32 errata-xmlrpc 2021-04-20 15:12:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2021:1288 https://access.redhat.com/errata/RHSA-2021:1288

Comment 33 errata-xmlrpc 2021-06-01 08:45:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:2164 https://access.redhat.com/errata/RHSA-2021:2164

