Incorrect authorization in Linux kernel - CVE-2020-25284

 

Incorrect authorization in Linux kernel - CVE-2020-25284

Published: September 13, 2020 / Updated: April 28, 2022


Vulnerability identifier: #VU92423
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-25284
CWE-ID: CWE-863
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local privileged user to manipulate data.

The vulnerability exists due to incorrect authorization error within the rbd_config_info_show(), rbd_image_refresh(), do_rbd_add() and do_rbd_remove() functions in drivers/block/rbd.c. A local privileged user can manipulate data.


How to mitigate CVE-2020-25284

Install update from vendor's repository.

Sources