VDB
CVE-2020-29534
CVE-2020-29534
PUBLISHED
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.
EPSS 0.04% · 12.5th percentile
Risk Scores
EPSS Score
0.04%
12.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-azure-5.3 | 5.3.0-1018.19~18.04.1, 5.3.0-1019.20~18.04.1, 5.3.0-1035.36 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | *, 0, 5.0.0-1008.13~18.04.1 |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | 5.3.0-1016.18~18.04.1, 5.3.0-1014.15~18.04.1, 5.3.0-1013.14~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure | 4.15.0-1003.3, *, 4.15.0-1002.2 |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1008.8~18.04.1, *, 0 |
| Ubuntu:18.04:LTS | linux-aws-5.3 | 5.3.0-1028.30~18.04.1, 5.3.0-1019.21~18.04.1, 5.3.0-1017.18~18.04.1 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1096.106, 4.15.0-1094.104, 4.15.0-1090.100 |
| Ubuntu:16.04:LTS | linux-hwe-edge | *, 0, 4.8.0-28.30~16.04.1 |
| Ubuntu:18.04:LTS | linux-gcp | 5.0.0-1034.35, 4.15.0-1036.38, 5.0.0-1033.34 |
| Ubuntu:20.04:LTS | linux-raspi2 | 0, 5.4.0-1006.6, 5.4.0-1004.4 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 5.0.0-1021.24~18.04.1, 5.0.0-1022.25~18.04.1, 5.0.0-1023.26~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 5.3.0-1012.13~18.04.1, 5.3.0-1014.15~18.04.1, 5.3.0-1017.18~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 4.18.0-1005.6~18.04.1, 0, * |
| Ubuntu:18.04:LTS | linux-hwe-edge | *, *, 5.3.0-22.24~18.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.6 | 5.6.0-1034.36, 5.6.0-1033.35, 5.6.0-1032.33 |
| Ubuntu:18.04:LTS | linux-hwe | *, *, 5.3.0-69.65 |
| Ubuntu:20.04:LTS | linux-hwe-5.8 | 0, 5.8.0-23.24~20.04.1, 5.8.0-28.30~20.04.1 |
| Ubuntu:20.04:LTS | linux-riscv | 0, 5.4.0-24.28, 5.4.0-27.31 |
Exploit Intelligence
Timeline
- Dec 3, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-29534 third-party-advisory
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2089 third-party-advisory
- https://git.kernel.org/linus/0f2122045b946241a9e549c2a76cea54fa58a7ff third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3 third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f2122045b946241a9e549c2a76cea54fa58a7ff third-party-advisory
- https://ubuntu.com/security/notices/USN-4678-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-29534 third-party-advisory