VDB
CVE-2020-12652
CVE-2020-12652
PUBLISHED
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
EPSS 0.09% · 25.8th percentile
Risk Scores
EPSS Score
0.09%
25.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 4.15.0-2000.4, 0 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1103.110, 5.4.0-1104.111, 5.4.0-1102.109 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1017.19, 5.3.0-1015.17, 5.4.0-1006.6 |
| Ubuntu:18.04:LTS | linux | 4.15.0-76.86, 4.15.0-45.48, 4.15.0-65.74 |
| Ubuntu:16.04:LTS | linux-aws | 4.4.0-1063.72, 4.4.0-1067.77, 4.4.0-1069.79 |
| Ubuntu:18.04:LTS | linux-raspi2-5.3 | *, 5.3.0-1017.19~18.04.1, 0 |
| Ubuntu:16.04:LTS | linux-gcp | 4.15.0-1027.28~16.04.1, *, * |
| Ubuntu:16.04:LTS | linux-hwe | 4.15.0-58.64~16.04.1, 4.15.0-55.60~16.04.2, 4.15.0-51.55~16.04.1 |
| Ubuntu:16.04:LTS | linux-raspi2 | 0, 4.2.0-1013.19, 4.4.0-1003.4 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1021.22, 4.15.0-1025.26, 4.15.0-1026.27 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1045.50, 4.15.0-1043.48, 4.15.0-1035.40 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 5.0.0-1013.13~18.04.1, *, 4.18.0-1012.13~18.04.1 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 0, 5.0.0-15.16~18.04.1, 5.0.0-16.17~18.04.1 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1059.63, 4.4.0-1087.92, 4.4.0-1115.121 |
| Ubuntu:18.04:LTS | linux-azure | 4.15.0-1032.33, 4.15.0-1030.31, 4.15.0-1028.29 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-azure-fips | 0, 4.15.0-1002.2 |
| Ubuntu:18.04:LTS | linux-oem-osp1 | 5.0.0-1039.44, 0, 5.0.0-1012.13 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | 4.4.0-34.53~14.04.1, 4.4.0-165.193~14.04.1, 4.4.0-164.192~14.04.1 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 5.0.0-1022.25~18.04.1, 5.0.0-1023.26~18.04.1, * |
…and 31 more
Timeline
- May 4, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-12652 third-party-advisory
- https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14 third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b third-party-advisory
- https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-12652 third-party-advisory