CVE-2020-25284

Published: Sep 13, 2020Modified: Nov 21, 2024

4.1

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.5 / Impact: 3.6

Source: NVD

Description

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.

Affected (3)

Products: Linux: Linux Kernel · Debian: Debian Linux · Opensuse: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.8.9

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a

Source: cve@mitre.org

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://twitter.com/grsecurity/status/1304537507560919041

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://twitter.com/grsecurity/status/1304537507560919041

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.