Operation on a Resource after Expiration or Release in Linux kernel - CVE-2020-25221
Published: April 7, 2021 / Updated: August 23, 2021
Vulnerability identifier: #VU51946
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-25221
CWE-ID: CWE-672
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect reference counting caused by gate page mishandling of the struct page that backs the vsyscall page in get_gate_page() function in mm/gup.c. A local user can trigger refcount underflow and escalate privileges on the system.
How to mitigate CVE-2020-25221
Install updates from vendor's website.
Sources
- http://www.openwall.com/lists/oss-security/2020/09/10/4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
- https://security.netapp.com/advisory/ntap-20201001-0003/
- https://www.openwall.com/lists/oss-security/2020/09/08/4