VDB

CVE-2020-16126

CVE-2020-16126 PUBLISHED

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

EPSS 1.99% · 84.0th percentile

Risk Scores

EPSS Score
1.99%
84.0th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSaccountsservice0.6.55-0ubuntu10, 0.6.55-0ubuntu12~20.04.2, 0.6.55-0ubuntu12~20.04.1
Ubuntu:Pro:14.04:LTSaccountsservice0.6.35-0ubuntu3, 0.6.35-0ubuntu4, 0.6.35-0ubuntu5
Ubuntu:18.04:LTSaccountsservice0.6.42-0ubuntu3, 0.6.42-0ubuntu4, 0
Ubuntu:16.04:LTSaccountsservice0.6.40-2ubuntu11.2, 0.6.40-2ubuntu8, 0.6.40-2ubuntu7

Exploit Intelligence

Timeline

  • Nov 3, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 13, 2023 EPSS Score
  • Jul 14, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›