SB2020120319 - Incorrect calculation in Linux kernel fs

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect calculation (CVE-ID: CVE-2020-29534)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to incorrect calculation within the __put_task_struct() and copy_process() functions in kernel/fork.c, within the __io_cqring_fill_event(), io_dismantle_req(), io_req_free_batch_finish(), io_req_free_batch(), io_close_prep(), io_req_drop_files(), io_req_set_file(), io_init_req(), io_submit_sqes(), io_sq_thread(), io_uring_alloc_task_context(), io_sq_offload_start(), io_wq_files_match(), io_uring_cancel_files(), io_cancel_task_cb(), SYSCALL_DEFINE6() and io_uring_get_fd() functions in fs/io_uring.c, within the exit_files() function in fs/file.c, within the bprm_execve() function in fs/exec.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f2122045b946241a9e549c2a76cea54fa58a7ff
• https://bugs.chromium.org/p/project-zero/issues/detail?id=2089
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3