[Kernel-packages] [Bug 1909486] Re: tiocspgrp()" Privilege Escalation Vulnerability

[Nick Moffitt]

** Description changed:

- A race condition error related to the "tiocspgrp()" function
- (drivers/tty/tty_jobctrl.c) can be exploited to trigger a use-after-free
- and subsequently gain elevated privileges.
+ CVE 2020-29661 https://bugs.launchpad.net/bugs/cve/2020-29661
  
- The vulnerability is reported in versions 5.9.x prior to 5.9.14, 5.4.x
- prior to 5.4.83, 4.19.x prior to 4.19.163, 4.14.x prior to 4.14.212,
- 4.9.x prior to 4.9.248, and 4.4.x prior to 4.4.248.
- 
- Affected Software
- 
- The following software is affected by the described vulnerability.
- Please check the vendor links below to see if exactly your version is
- affected.
- 
- Linux Kernel 4.14.x
- Linux Kernel 4.19.x
- Linux Kernel 4.4.x
- Linux Kernel 4.9.x
- Linux Kernel 5.4.x
- Linux Kernel 5.9.x
- 
- Solution
- 
- Update to a fixed version.
- 
- Versions 5.9.x:
- Update to version 5.9.14 or later.
- 
- Versions 5.4.x:
- Update to version 5.4.83 or later.
- 
- Versions 4.19.x:
- Update to version 4.19.163.
- 
- Versions 4.14.x:
- Update to version 4.14.212.
- 
- Versions 4.9.x:
- Update to version 4.9.248.
- 
- Versions 4.4.x:
- Update to version 4.4.248.
- 
- References
- 
- 1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14 

- 2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83 

- 3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 

- 4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212 

- 5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248 

- 6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248 

- 7. https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 

- 8. 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
 

- 
- 
- Detected in Ubuntu 16, which uses 4.4.x kernel.
+ A locking issue was discovered in the tty subsystem of the Linux kernel
+ through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack
+ against TIOCSPGRP, aka CID-54ffccbf053b.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1909486

Title:
  tiocspgrp()" Privilege Escalation Vulnerability

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  CVE 2020-29661 https://bugs.launchpad.net/bugs/cve/2020-29661

  A locking issue was discovered in the tty subsystem of the Linux
  kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-
  free attack against TIOCSPGRP, aka CID-54ffccbf053b.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1909486] Re: tiocspgrp()" Privilege Escalation Vulnerability

[Steve Beattie]

** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1909486

Title:
  tiocspgrp()" Privilege Escalation Vulnerability

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  A race condition error related to the "tiocspgrp()" function
  (drivers/tty/tty_jobctrl.c) can be exploited to trigger a use-after-
  free and subsequently gain elevated privileges.

  The vulnerability is reported in versions 5.9.x prior to 5.9.14, 5.4.x
  prior to 5.4.83, 4.19.x prior to 4.19.163, 4.14.x prior to 4.14.212,
  4.9.x prior to 4.9.248, and 4.4.x prior to 4.4.248.

  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  Linux Kernel 4.14.x
  Linux Kernel 4.19.x
  Linux Kernel 4.4.x
  Linux Kernel 4.9.x
  Linux Kernel 5.4.x
  Linux Kernel 5.9.x

  Solution

  Update to a fixed version.

  Versions 5.9.x:
  Update to version 5.9.14 or later.

  Versions 5.4.x:
  Update to version 5.4.83 or later.

  Versions 4.19.x:
  Update to version 4.19.163.

  Versions 4.14.x:
  Update to version 4.14.212.

  Versions 4.9.x:
  Update to version 4.9.248.

  Versions 4.4.x:
  Update to version 4.4.248.

  References

  1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14 

  2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83 

  3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 

  4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212 

  5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248 

  6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248 

  7. https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 

  8. 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
 


  
  Detected in Ubuntu 16, which uses 4.4.x kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp