CVE-2020-29374

CVSS v3.1 3.6 (Low)

CVSS v2.0 3.3 (Low)

EPSS 0.06 % (24^th)

Affected Products 11

Advisories 18

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-863: Incorrect Authorization

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-11-28 07:15:11
(3 years ago)
Updated Date: 2023-11-09 14:44:33
(10 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Netapp

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 5.7.3 version	cpe:2.3:o:linux:linux_kernel		< 5.7.3

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

AND

		CPE23
OR
	Netapp 500f Firmware	cpe:2.3:o:netapp:500f_firmware:-
OR
	Running on/with
	Netapp 500f	cpe:2.3:h:netapp:500f:-

Configuration #4

AND

		CPE23
OR
	Netapp A250 Firmware	cpe:2.3:o:netapp:a250_firmware:-
OR
	Running on/with
	Netapp A250	cpe:2.3:h:netapp:a250:-

Configuration #5

AND

		CPE23
OR
	Netapp H410c Firmware	cpe:2.3:o:netapp:h410c_firmware:-
OR
	Running on/with
	Netapp H410c	cpe:2.3:h:netapp:h410c:-

Configuration #6

		CPE23	From	Up To
	Netapp Solidfire & Hci Management Node	cpe:2.3:a:netapp:solidfire_\%26_hci_management_node:-
	Netapp Solidfire & Hci Storage Node	cpe:2.3:a:netapp:solidfire_\%26_hci_storage_node:-
	Netapp Hci Compute Node Bios	cpe:2.3:o:netapp:hci_compute_node_bios:-