[ASB-A-147802478] kernel exploit: struct file UAF with epoll_ctl() add
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Package | Affected Version |
---|---|
pkg:generic/android#linux_kernel | >= :0, < :2020-12-05 |
Package | Fixed Version |
---|---|
pkg:generic/android#linux_kernel | = :2020-12-05 |
- ID
- ASB-A-147802478
- Severity
- high
- URL
- https://source.android.com/security/bulletin/2020-12-01
- Published
-
2020-12-01T00:00:00
(3 years ago) - Modified
-
2024-07-31T14:43:08
(7 weeks ago) - Rights
- Android Security Team
- Other Advisories
-
- ALSA-2021:1093
- ELSA-2021-1093
- ELSA-2021-9215
- ELSA-2022-0620
- ELSA-2022-9781
- ELSA-2023-12527
- openSUSE-SU-2021:0060-1
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0242-1
- RHSA-2021:1081
- RHSA-2021:1093
- RHSA-2022:0592
- RHSA-2022:0620
- RHSA-2022:0622
- SUSE-SU-2021:0094-1
- SUSE-SU-2021:0095-1
- SUSE-SU-2021:0096-1
- SUSE-SU-2021:0097-1
- SUSE-SU-2021:0098-1
- SUSE-SU-2021:0108-1
- SUSE-SU-2021:0117-1
- SUSE-SU-2021:0118-1
- SUSE-SU-2021:0133-1
- SUSE-SU-2021:0362-1
- SUSE-SU-2021:0367-1
- SUSE-SU-2021:0377-1
- SUSE-SU-2021:0408-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- USN-4912-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:generic/android#linux_kernel | android | = :2020-12-05 | ||||
Affected | pkg:generic/android#linux_kernel | android | >= :0 < :2020-12-05 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |