VDB
CVE-2020-11725
CVE-2020-11725
PUBLISHED
snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way
EPSS 0.13% · 31.4th percentile
Risk Scores
EPSS Score
0.13%
31.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-gke | 5.15.0-1090.96, 5.15.0-1093.99, 5.15.0-1094.100 |
| Ubuntu:20.04:LTS | linux-hwe-5.13 | *, *, * |
| Ubuntu:22.04:LTS | linux | 0, 5.15.0-156.166, 5.15.0-88.98 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-fips | 5.4.0-1120.130, 5.4.0-1121.131, 5.4.0-1122.132 |
| Ubuntu:22.04:LTS | linux-gkeop | 5.15.0-1002.4, 5.15.0-1057.64, 5.15.0-1065.73 |
| Ubuntu:Pro:20.04:LTS | linux-lowlatency-hwe-5.15 | 5.15.0-152.162~20.04.1, 0, 5.15.0-33.34~20.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1139.152~14.04.1, 0, 4.15.0-1023.24~14.04.1 |
| Ubuntu:20.04:LTS | linux-azure-5.8 | *, 0, 5.8.0-1043.46~20.04.1 |
| Ubuntu:20.04:LTS | linux-intel-5.13 | 5.13.0-1014.15, 5.13.0-1011.11, 5.13.0-1009.9 |
| Ubuntu:20.04:LTS | linux-oracle-5.8 | 5.8.0-1031.32~20.04.2, 0, 5.8.0-1033.34~20.04.1 |
| Ubuntu:Pro:18.04:LTS | linux-raspi-5.4 | 5.4.0-1131.144~18.04.1, 5.4.0-1133.146~18.04.1, 5.4.0-1134.147~18.04.1 |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | 5.3.0-1028.30~18.04.1, 5.3.0-1027.29~18.04.1, 5.3.0-1024.26~18.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.14 | 5.14.0-1034.37, 5.14.0-1031.34, 5.14.0-1029.32 |
| Ubuntu:22.04:LTS | linux-oracle | 5.15.0-1080.86, 5.15.0-1053.59, 5.15.0-1052.58 |
| Ubuntu:18.04:LTS | linux-gkeop-5.4 | 5.4.0-1014.15~18.04.1, 5.4.0-1003.3, 5.4.0-1004.5 |
| Ubuntu:Pro:16.04:LTS | linux-oracle | 4.15.0-1098.108~16.04.1, 4.15.0-1081.89~16.04.1, 4.15.0-1086.94~16.04.1 |
| Ubuntu:18.04:LTS | linux-hwe | 0, 4.18.0-13.14~18.04.1, 4.18.0-14.15~18.04.1 |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1081.90~20.04.1.1, *, * |
| Ubuntu:20.04:LTS | linux-hwe-5.11 | 5.11.0-25.27~20.04.1, 5.11.0-27.29~20.04.1, 5.11.0-38.42~20.04.1 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.13.0-19.22~16.04.1, 4.13.0-21.24~16.04.1, 4.13.0-25.29~16.04.2 |
…and 85 more
Exploit Intelligence
Timeline
- Apr 12, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11725 third-party-advisory
- https://twitter.com/yabbadabbadrew/status/1248632267028582400 third-party-advisory
- https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474 third-party-advisory
- https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11725 third-party-advisory