** Description changed: - A race condition error related to the "tiocspgrp()" function - (drivers/tty/tty_jobctrl.c) can be exploited to trigger a use-after-free - and subsequently gain elevated privileges. + CVE 2020-29661 https://bugs.launchpad.net/bugs/cve/2020-29661 - The vulnerability is reported in versions 5.9.x prior to 5.9.14, 5.4.x - prior to 5.4.83, 4.19.x prior to 4.19.163, 4.14.x prior to 4.14.212, - 4.9.x prior to 4.9.248, and 4.4.x prior to 4.4.248. - - Affected Software - - The following software is affected by the described vulnerability. - Please check the vendor links below to see if exactly your version is - affected. - - Linux Kernel 4.14.x - Linux Kernel 4.19.x - Linux Kernel 4.4.x - Linux Kernel 4.9.x - Linux Kernel 5.4.x - Linux Kernel 5.9.x - - Solution - - Update to a fixed version. - - Versions 5.9.x: - Update to version 5.9.14 or later. - - Versions 5.4.x: - Update to version 5.4.83 or later. - - Versions 4.19.x: - Update to version 4.19.163. - - Versions 4.14.x: - Update to version 4.14.212. - - Versions 4.9.x: - Update to version 4.9.248. - - Versions 4.4.x: - Update to version 4.4.248. - - References - - 1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14 <https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14> - 2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83 <https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83> - 3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163> - 4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212 <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212> - 5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248 <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248> - 6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248 <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248> - 7. https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 <https://bugs.chromium.org/p/project-zero/issues/detail?id=2125> - 8. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc <https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc> - - - Detected in Ubuntu 16, which uses 4.4.x kernel. + A locking issue was discovered in the tty subsystem of the Linux kernel + through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack + against TIOCSPGRP, aka CID-54ffccbf053b.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1909486 Title: tiocspgrp()" Privilege Escalation Vulnerability Status in linux package in Ubuntu: Confirmed Bug description: CVE 2020-29661 https://bugs.launchpad.net/bugs/cve/2020-29661 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after- free attack against TIOCSPGRP, aka CID-54ffccbf053b. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp