2112688 – (CVE-2020-36557) CVE-2020-36557 kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after-free in con_shutdown().

Bug 2112688 (CVE-2020-36557) - CVE-2020-36557 kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after-free in con_shutdown().

Summary: CVE-2020-36557 kernel: race condition between the VT_DISALLOCATE ioctl and cl...

Keywords:
Status:	NEW
Alias:	CVE-2020-36557
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1875585 2112689 2112690 2112691 2112692 2183122 2183123 2183124 2183125
Blocks:	2109700
TreeView+	depends on / blocked

Reported:	2022-07-31 17:10 UTC by Alex
Modified:	2023-09-26 21:55 UTC (History)
CC List:	47 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Alex 2022-07-31 17:10:52 UTC

A use-after-free vulnerability was found in drivers/tty/vt/vt.c in the Linux kernel before 5.6.2.
A race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free in con_shutdown().

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bdettelb
bhu
brdeoliv
chwhite
crwood
ddepaula
dvlasenk
hdegoede
hkrzesin
hpa
jarod
jarodwilson
jburrell
jfaracco
jferlan
jforbes
jglisse
jlelli
joe.lawrence
jonathan
josef
jshortt
jstancek
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lzampier
masami256
mchehab
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
tyberry
vkumar
walters
williams