VDB

CVE-2020-10690

CVE-2020-10690 PUBLISHED

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.

EPSS 0.13% · 31.8th percentile

Risk Scores

EPSS Score
0.13%
31.8th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:FIPS:16.04:LTSlinux-fips4.4.0-1002.2, 4.4.0-1026.31, 4.4.0-1001.1
Ubuntu:16.04:LTSlinux-aws4.4.0-1077.87, 4.4.0-1074.84, 4.4.0-1070.80
Ubuntu:16.04:LTSlinux-oracle*, *, *
Ubuntu:18.04:LTSlinux-oracle-5.00, 5.0.0-1009.14~18.04.1, 5.0.0-1010.15~18.04.1
Ubuntu:16.04:LTSlinux-hwe-edge4.13.0-16.19~16.04.3, 4.10.0-24.28~16.04.1, 4.10.0-22.24~16.04.1
Ubuntu:18.04:LTSlinux-oem4.15.0-1009.12, 4.15.0-1050.57, 4.15.0-1012.15
Ubuntu:18.04:LTSlinux-aws4.15.0-1043.45, 4.15.0-1045.47, 4.15.0-1044.46
Ubuntu:18.04:LTSlinux-raspi24.15.0-1028.30, 4.15.0-1030.32, 4.15.0-1026.28
Ubuntu:Pro:14.04:LTSlinux-azure4.15.0-1060.65~14.04.1, *, *
Ubuntu:18.04:LTSlinux-aws-5.05.0.0-1023.26~18.04.1, *, 5.0.0-1024.27~18.04.1
Ubuntu:20.04:LTSlinux-gke5.4.0-1066.69, 5.4.0-1067.70, 5.4.0-1068.71
Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-azure-fips0, 4.15.0-1002.2
Ubuntu:16.04:LTSlinux-azure4.13.0-1009.12, 4.11.0-1014.14, 4.11.0-1015.15
Ubuntu:Pro:14.04:LTSlinux-aws4.4.0-1048.52, 4.4.0-1032.35, 4.4.0-1031.34
Ubuntu:18.04:LTSlinux-raspi2-5.30, 5.3.0-1017.19~18.04.1
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-23.25~18.04.2, 5.3.0-24.26~18.04.2, 5.3.0-19.20~18.04.2
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:18.04:LTSlinux-hwe5.0.0-32.34~18.04.2, 4.18.0-25.26~18.04.1, *
Ubuntu:18.04:LTSlinux-snapdragon4.4.0-1079.84, 4.15.0-1054.58, 4.15.0-1066.73
Ubuntu:18.04:LTSlinux-kvm4.15.0-1029.29, 4.15.0-1028.28, 4.15.0-1027.27

…and 30 more

Timeline

  • Apr 21, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›