Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2899 vulnerabilities reference this CWE, most recent first.

CVE-2020-27825 (GCVE-0-2020-27825)

Vulnerability from cvelistv5 – Published: 2020-12-11 17:13 – Updated: 2024-08-04 16:25
VLAI
Summary
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a kernel Affected: before kernel 5.10-rc1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
          },
          {
            "name": "DSA-4843",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4843"
          },
          {
            "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
          },
          {
            "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before kernel 5.10-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362-\u003eCWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-21T08:06:26.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
        },
        {
          "name": "DSA-4843",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4843"
        },
        {
          "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
        },
        {
          "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before kernel 5.10-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362-\u003eCWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
            },
            {
              "name": "DSA-4843",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4843"
            },
            {
              "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
            },
            {
              "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27825",
    "datePublished": "2020-12-11T17:13:31.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:25:43.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25668 (GCVE-0-2020-25668)

Vulnerability from cvelistv5 – Published: 2021-05-26 11:11 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Linux Kernel Affected: 5.9.2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/10/30/1"
          },
          {
            "name": "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/11/04/3"
          },
          {
            "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
          },
          {
            "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210702-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 -\u003e CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T11:06:20.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/10/30/1"
        },
        {
          "name": "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/11/04/3"
        },
        {
          "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
        },
        {
          "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210702-0005/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25668",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.9.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 -\u003e CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/10/30/1"
            },
            {
              "name": "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/11/04/3"
            },
            {
              "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/11/04/3,",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/11/04/3,"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/10/30/1,",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/10/30/1,"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210702-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210702-0005/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25668",
    "datePublished": "2021-05-26T11:11:04.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25653 (GCVE-0-2020-25653)

Vulnerability from cvelistv5 – Published: 2020-11-26 01:23 – Updated: 2024-08-04 15:40
VLAI
Summary
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a spice-vdagent Affected: spice-vdagent versions 0.20 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372"
          },
          {
            "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
          },
          {
            "name": "FEDORA-2021-09ce0cdfac",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
          },
          {
            "name": "FEDORA-2021-510977db25",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "spice-vdagent",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "spice-vdagent versions 0.20 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362-\u003eCWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-17T06:06:18.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372"
        },
        {
          "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
        },
        {
          "name": "FEDORA-2021-09ce0cdfac",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
        },
        {
          "name": "FEDORA-2021-510977db25",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "spice-vdagent",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "spice-vdagent versions 0.20 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362-\u003eCWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/11/04/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372"
            },
            {
              "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
            },
            {
              "name": "FEDORA-2021-09ce0cdfac",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
            },
            {
              "name": "FEDORA-2021-510977db25",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25653",
    "datePublished": "2020-11-26T01:23:16.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25651 (GCVE-0-2020-25651)

Vulnerability from cvelistv5 – Published: 2020-11-26 01:18 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a spice-vdagent Affected: spice-vdagent versions 0.20 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359"
          },
          {
            "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
          },
          {
            "name": "FEDORA-2021-09ce0cdfac",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
          },
          {
            "name": "FEDORA-2021-510977db25",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "spice-vdagent",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "spice-vdagent versions 0.20 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362-\u003eCWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-17T06:06:17.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359"
        },
        {
          "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
        },
        {
          "name": "FEDORA-2021-09ce0cdfac",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
        },
        {
          "name": "FEDORA-2021-510977db25",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "spice-vdagent",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "spice-vdagent versions 0.20 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362-\u003eCWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/11/04/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359"
            },
            {
              "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
            },
            {
              "name": "FEDORA-2021-09ce0cdfac",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
            },
            {
              "name": "FEDORA-2021-510977db25",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25651",
    "datePublished": "2020-11-26T01:18:45.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-16123 (GCVE-0-2020-16123)

Vulnerability from cvelistv5 – Published: 2020-12-03 23:15 – Updated: 2024-09-16 19:20
VLAI
Title
Bypass of snapd pulseaudio restrictions
Summary
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.
CWE
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
URL Tags
https://launchpad.net/bugs/1895928 vendor-advisoryx_refsource_UBUNTU
https://ubuntu.com/USN-4640-1 vendor-advisoryx_refsource_UBUNTU
Impacted products
Vendor Product Version
Canonical pulseaudio Affected: 1:13.99.3-1 , < 1:13.99.3-1ubuntu2 (custom)
Affected: 1:13.99.2-1 , < 1:13.99.2-1ubuntu2.1 (custom)
Affected: 1:13.99.1-1 , < 1:13.99.1-1ubuntu3.8 (custom)
Affected: 1:11.1-1 , < 1:11.1-1ubuntu7.11 (custom)
Affected: 1:8.0-0 , < 1:8.0-0ubuntu3.15 (custom)
Create a notification for this product.
Date Public
2020-11-23 00:00
Credits
James Henstridge
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:53.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/1895928"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/USN-4640-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pulseaudio",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "1:13.99.3-1ubuntu2",
              "status": "affected",
              "version": "1:13.99.3-1",
              "versionType": "custom"
            },
            {
              "lessThan": "1:13.99.2-1ubuntu2.1",
              "status": "affected",
              "version": "1:13.99.2-1",
              "versionType": "custom"
            },
            {
              "lessThan": "1:13.99.1-1ubuntu3.8",
              "status": "affected",
              "version": "1:13.99.1-1",
              "versionType": "custom"
            },
            {
              "lessThan": "1:11.1-1ubuntu7.11",
              "status": "affected",
              "version": "1:11.1-1",
              "versionType": "custom"
            },
            {
              "lessThan": "1:8.0-0ubuntu3.15",
              "status": "affected",
              "version": "1:8.0-0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "James Henstridge"
        }
      ],
      "datePublic": "2020-11-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-03T23:15:20.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://launchpad.net/bugs/1895928"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://ubuntu.com/USN-4640-1"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/USN-4640-1",
        "defect": [
          "https://launchpad.net/bugs/1895928"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Bypass of snapd pulseaudio restrictions",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-11-23T15:43:00.000Z",
          "ID": "CVE-2020-16123",
          "STATE": "PUBLIC",
          "TITLE": "Bypass of snapd pulseaudio restrictions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "pulseaudio",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "1:13.99.3-1",
                            "version_value": "1:13.99.3-1ubuntu2"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "1:13.99.2-1",
                            "version_value": "1:13.99.2-1ubuntu2.1"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "1:13.99.1-1",
                            "version_value": "1:13.99.1-1ubuntu3.8"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "1:11.1-1",
                            "version_value": "1:11.1-1ubuntu7.11"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "1:8.0-0",
                            "version_value": "1:8.0-0ubuntu3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "James Henstridge"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/bugs/1895928",
              "refsource": "UBUNTU",
              "url": "https://launchpad.net/bugs/1895928"
            },
            {
              "name": "https://ubuntu.com/USN-4640-1",
              "refsource": "UBUNTU",
              "url": "https://ubuntu.com/USN-4640-1"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "https://ubuntu.com/USN-4640-1",
          "defect": [
            "https://launchpad.net/bugs/1895928"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-16123",
    "datePublished": "2020-12-03T23:15:20.305Z",
    "dateReserved": "2020-07-29T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:20:12.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15707 (GCVE-0-2020-15707)

Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-17 03:07
VLAI
Title
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
Summary
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CWE
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
Impacted products
Vendor Product Version
Ubuntu grub2 in Ubuntu Affected: 20.04 LTS , < 2.04-1ubuntu26.1 (custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom)
Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom)
Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom)
Create a notification for this product.
Date Public
2020-07-29 00:00
Credits
Colin Watson Chris Coulson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "DSA-4735",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4735"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1169",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:1168",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Colin Watson"
        },
        {
          "lang": "en",
          "value": "Chris Coulson"
        }
      ],
      "datePublic": "2020-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:05.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "DSA-4735",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4735"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1169",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:1168",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "discovery": "INTERNAL"
      },
      "title": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15707",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Colin Watson"
          },
          {
            "lang": "eng",
            "value": "Chris Coulson"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "DSA-4735",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4735"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1169",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:1168",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15707",
    "datePublished": "2020-07-29T17:45:34.577Z",
    "dateReserved": "2020-07-14T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:07:49.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15706 (GCVE-0-2020-15706)

Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-16 22:20
VLAI
Title
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
Summary
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CWE
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
Impacted products
Vendor Product Version
Ubuntu grub2 in Ubuntu Affected: 20.04 LTS , < 2.04-1ubuntu26.1 (custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom)
Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom)
Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom)
Create a notification for this product.
Date Public
2020-07-29 00:00
Credits
Chris Coulson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "DSA-4735",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4735"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1169",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:1168",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chris Coulson"
        }
      ],
      "datePublic": "2020-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:01.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "DSA-4735",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4735"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1169",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:1168",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "discovery": "INTERNAL"
      },
      "title": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15706",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Chris Coulson"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "DSA-4735",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4735"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1169",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:1168",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15706",
    "datePublished": "2020-07-29T17:45:33.975Z",
    "dateReserved": "2020-07-14T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:20:56.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10737 (GCVE-0-2020-10737)

Vulnerability from cvelistv5 – Published: 2020-05-27 00:00 – Updated: 2024-08-04 11:14
VLAI
Summary
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
CWE
Assigner
Impacted products
Vendor Product Version
Red Hat oddjob Affected: before 0.34.5
Affected: before 0.34.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:14.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "oddjob",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "before 0.34.5"
            },
            {
              "status": "affected",
              "version": "before 0.34.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home\u0027s user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory\u0027s unprivileged user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737"
        },
        {
          "url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10737",
    "datePublished": "2020-05-27T00:00:00.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:14:14.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10684 (GCVE-0-2020-10684)

Vulnerability from cvelistv5 – Published: 2020-03-24 00:00 – Updated: 2024-08-04 11:06
VLAI
Summary
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
Assigner
Impacted products
Vendor Product Version
Red Hat Ansible Affected: all Ansible 2.7.x versions prior to 2.7.17
Affected: all Ansible 2.8.x versions prior to 2.8.9
Affected: all Ansible 2.9.x versions prior to 2.9.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2020-1b6ce91e37",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"
          },
          {
            "name": "FEDORA-2020-3990f03ba3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"
          },
          {
            "name": "FEDORA-2020-f80154b5b4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"
          },
          {
            "name": "GLSA-202006-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-11"
          },
          {
            "name": "DSA-4950",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4950"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ansible",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "all Ansible 2.7.x versions prior to 2.7.17"
            },
            {
              "status": "affected",
              "version": "all Ansible 2.8.x versions prior to 2.8.9"
            },
            {
              "status": "affected",
              "version": "all Ansible 2.9.x versions prior to 2.9.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2020-1b6ce91e37",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"
        },
        {
          "name": "FEDORA-2020-3990f03ba3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"
        },
        {
          "name": "FEDORA-2020-f80154b5b4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"
        },
        {
          "name": "GLSA-202006-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202006-11"
        },
        {
          "name": "DSA-4950",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4950"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10684",
    "datePublished": "2020-03-24T00:00:00.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:06:10.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3353 (GCVE-0-2020-3353)

Vulnerability from cvelistv5 – Published: 2020-06-03 17:56 – Updated: 2024-11-15 17:09
VLAI
Title
Cisco Identity Services Engine Denial of Service Vulnerability
Summary
A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2020-06-03 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco Identity Services Engine Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:27:43.991816Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:09:59.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:56:42.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco Identity Services Engine Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-dos-qNzq39K7",
        "defect": [
          [
            "CSCvk35625"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Identity Services Engine Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3353",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Identity Services Engine Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.9",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco Identity Services Engine Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ise-dos-qNzq39K7",
          "defect": [
            [
              "CSCvk35625"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3353",
    "datePublished": "2020-06-03T17:56:42.362Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-15T17:09:59.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.