#VU51946 Operation on a Resource after Expiration or Release in Linux kernel - CVE-2020-25221
Published: April 7, 2021 / Updated: August 23, 2021
Vulnerability identifier: #VU51946
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-25221
CWE-ID: CWE-672
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect reference counting caused by gate page mishandling of the struct page that backs the vsyscall page in get_gate_page() function in mm/gup.c. A local user can trigger refcount underflow and escalate privileges on the system.
Remediation
Install updates from vendor's website.
External links
- http://www.openwall.com/lists/oss-security/2020/09/10/4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
- https://security.netapp.com/advisory/ntap-20201001-0003/
- https://www.openwall.com/lists/oss-security/2020/09/08/4