Published: 10/09/2020 Updated: 02/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 643

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x prior to 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
netapp cloud backup -
netapp solidfire \\& hci management node -
netapp hci compute node -
netapp solidfire baseboard management controller -
netapp solidfire\\, enterprise sds \\& hci storage node -

oss-sec mailing list archives   By Date By Thread </form>    Re: CVE Request: Linux kernel vsyscall page refcounting error   From: Sal ...

CWE-672 https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 https://www.openwall.com/lists/oss-security/2020/09/08/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 http://www.openwall.com/lists/oss-security/2020/09/10/4 https://security.netapp.com/advisory/ntap-20201001-0003/https://nvd.nist.gov http://seclists.org/oss-sec/2020/q3/170

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-25221

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect