The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html | Mailing List Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List Third Party Advisory |
https://twitter.com/grsecurity/status/1304537507560919041 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-09-13 18:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-25284
Mitre link : CVE-2020-25284
CVE.ORG link : CVE-2020-25284
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
opensuse
- leap
CWE
CWE-863
Incorrect Authorization