uthrasri / Linux_kernel_4.19.72

0 stars 0 forks source link

CVE-2020-29368 (High) detected in linuxlinux-4.19.72 #25

Open mend-bolt-for-github[bot] opened 11 months ago

mend-bolt-for-github[bot] commented 11 months ago

CVE-2020-29368 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.72

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a

Found in base branch: master

Vulnerable Source Files (1)

/mm/huge_memory.c

Vulnerability Details

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

Publish Date: 2020-11-28

URL: CVE-2020-29368

CVSS 3 Score Details (7.0)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368

Release Date: 2020-11-28

Fix Resolution: v5.8-rc1,v5.7.5,v5.4.48


Step up your Open Source Security Game with Mend here