CVE-2020-10690

CVSS v3.1 6.4 (Medium)

CVSS v2.0 4.4 (Medium)

EPSS 0.04 % (15^th)

Affected Products 33

Advisories 23

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2020-05-08 15:15:11
(4 years ago)
Updated Date: 2023-11-07 03:14:12
(10 months ago)

Affected Products

Netapp

Opensuse

Leap

Redhat

Enterprise Linux

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 5.5 version	cpe:2.3:o:linux:linux_kernel		< 5.5

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #3

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #4

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm

Configuration #5

		CPE23	From	Up To
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Configuration #6

		CPE23	From	Up To
	Netapp Active Iq Unified Manager for Vmware Vsphere	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere
	Netapp Element Software	cpe:2.3:a:netapp:element_software:-
	Netapp Hci Management Node	cpe:2.3:a:netapp:hci_management_node:-
	Netapp Solidfire	cpe:2.3:a:netapp:solidfire:-
	Netapp Steelstore Cloud Integrated Storage	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
	Netapp Hci Compute Node	cpe:2.3:h:netapp:hci_compute_node:-

Configuration #7

AND

		CPE23
OR
	Netapp H300s Firmware	cpe:2.3:o:netapp:h300s_firmware:-
OR
	Running on/with
	Netapp H300s	cpe:2.3:h:netapp:h300s:-

Configuration #8

AND

		CPE23
OR
	Netapp H500s Firmware	cpe:2.3:o:netapp:h500s_firmware:-
OR
	Running on/with
	Netapp H500s	cpe:2.3:h:netapp:h500s:-

Configuration #9

AND

		CPE23
OR
	Netapp H700s Firmware	cpe:2.3:o:netapp:h700s_firmware:-
OR
	Running on/with
	Netapp H700s	cpe:2.3:h:netapp:h700s:-

Configuration #10

AND

		CPE23
OR
	Netapp H300e Firmware	cpe:2.3:o:netapp:h300e_firmware:-
OR
	Running on/with
	Netapp H300e	cpe:2.3:h:netapp:h300e:-

Configuration #11

AND

		CPE23
OR
	Netapp H500e Firmware	cpe:2.3:o:netapp:h500e_firmware:-
OR
	Running on/with
	Netapp H500e	cpe:2.3:h:netapp:h500e:-

Configuration #12

AND

		CPE23
OR
	Netapp H700e Firmware	cpe:2.3:o:netapp:h700e_firmware:-
OR
	Running on/with
	Netapp H700e	cpe:2.3:h:netapp:h700e:-

Configuration #13

AND

		CPE23
OR
	Netapp H410s Firmware	cpe:2.3:o:netapp:h410s_firmware:-
OR
	Running on/with
	Netapp H410s	cpe:2.3:h:netapp:h410s:-

Configuration #14

AND

		CPE23
OR
	Netapp H410c Firmware	cpe:2.3:o:netapp:h410c_firmware:-
OR
	Running on/with
	Netapp H410c	cpe:2.3:h:netapp:h410c:-

Configuration #15

AND

		CPE23
OR
	Netapp H610c Firmware	cpe:2.3:o:netapp:h610c_firmware:-
OR
	Running on/with
	Netapp H610c	cpe:2.3:h:netapp:h610c:-

Configuration #16

AND

		CPE23
OR
	Netapp H610s Firmware	cpe:2.3:o:netapp:h610s_firmware:-
OR
	Running on/with
	Netapp H610s	cpe:2.3:h:netapp:h610s:-

Configuration #17

AND

		CPE23
OR
	Netapp H615c Firmware	cpe:2.3:o:netapp:h615c_firmware:-
OR
	Running on/with
	Netapp H615c	cpe:2.3:h:netapp:h615c:-