Vulnerability CVE-2020-12114: Information

Description

A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-12114
Published: May 4, 2020
Modified: June 14, 2021
Error type identifier: CWE-362

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-mpsisyphus4.20.4-alt16.8.4-alt1ALT-PU-2019-1139-1220078Fixed
kernel-image-mpp104.20.4-alt16.1.19-alt1ALT-PU-2019-1139-1220078Fixed
kernel-image-mpp95.5.16-alt15.12.16-alt1ALT-PU-2020-1714-1249865Fixed
kernel-image-mpc9f25.5.16-alt15.7.16-alt1ALT-PU-2020-1714-1249865Fixed
kernel-image-rpi-defsisyphus5.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-defp105.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-defp95.4.51-alt25.10.81-alt1ALT-PU-2020-2433-1255241Fixed
kernel-image-rpi-defc9f25.4.51-alt25.4.61-alt1ALT-PU-2020-2433-1255241Fixed
kernel-image-rtsisyphus4.19.124-alt1.rt536.1.83-alt1.rt28ALT-PU-2020-2003-1252187Fixed
kernel-image-rtp104.19.124-alt1.rt535.10.215-alt1.rt107ALT-PU-2020-2003-1252187Fixed
kernel-image-rtp94.19.124-alt1.rt534.19.189-alt1.rt78ALT-PU-2020-2162-1252396Fixed
kernel-image-rtc9f24.19.124-alt1.rt534.19.199-alt2.rt86ALT-PU-2020-2162-1252396Fixed
kernel-image-std-defsisyphus5.4.17-alt16.1.87-alt1ALT-PU-2020-1198-1245508Fixed
kernel-image-std-defp105.4.17-alt15.10.213-alt1ALT-PU-2020-1198-1245508Fixed
kernel-image-std-defp95.4.25-alt25.4.274-alt1ALT-PU-2020-1501-1247586Fixed
kernel-image-std-defp84.9.222-alt0.M80P.14.9.337-alt0.M80P.1ALT-PU-2020-1936-1251240Fixed
kernel-image-std-defc9f25.4.25-alt25.10.214-alt0.c9f.2ALT-PU-2020-1501-1247586Fixed
kernel-image-std-defc74.4.277-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2021-3033-1281293Fixed
kernel-image-un-defsisyphus4.5.0-alt16.6.28-alt1ALT-PU-2016-1262-1161431Fixed
kernel-image-un-defp104.5.0-alt16.1.85-alt1ALT-PU-2016-1262-1161431Fixed
kernel-image-un-defp95.3.5-alt15.10.215-alt1ALT-PU-2019-2891-1239002Fixed
kernel-image-un-defp84.13.7-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2017-2470-1188636Fixed
kernel-image-un-defc10f14.5.0-alt16.1.85-alt0.c10f.1ALT-PU-2016-1262-1161431Fixed
kernel-image-un-defc9f25.3.5-alt15.10.29-alt2ALT-PU-2019-2891-1239002Fixed
kernel-image-un-defc74.9.277-alt0.M70C.14.9.277-alt0.M70C.1ALT-PU-2021-3032-1281292Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.openwall.com/lists/oss-security/2020/05/04/2
  • Mailing List
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20200608-0001/
    [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
      [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
        [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
          DSA-4699
            DSA-4698
              openSUSE-SU-2020:0801
                USN-4388-1
                  USN-4392-1
                    USN-4389-1
                      USN-4387-1
                        USN-4390-1
                          USN-4391-1
                            http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
                              https://www.oracle.com/security-alerts/cpuApr2021.html

                                  1. Configuration 1

                                    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                                    Start including
                                    4.9.0
                                    End excliding
                                    4.9.221
                                    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                                    Start including
                                    4.14
                                    End excliding
                                    4.14.178
                                    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                                    Start including
                                    4.19
                                    End excliding
                                    4.19.119
                                    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                                    Start including
                                    5.0
                                    End excliding
                                    5.3
                                    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                                    Start including
                                    4.4.0
                                    End excliding
                                    4.4.221
                                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                Version: v24.4.2
                                Back to top