CVE-2020-29569

Published: 15/12/2020 Updated: 19/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.10.1, as used with Xen up to and including 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

Vulnerable Product

xen xen

linux linux kernel

netapp hci_compute_node_bios -

netapp solidfire & hci management node -

netapp solidfire & hci storage node -

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-27815: A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service. CVE-2020-27825: Adam pi3 Z ...
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_ ...
A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (CVE-2020-27815). A flaw was found in the Linu ...
Description of Problem: Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service. These vulnerabilities have the following identifiers: CVE ID | Description | Vulnerability Type | Pre-conditions. CVE-2020-29479: An attacker with the ability to ...

Mailing Lists

oss-sec mailing list archives: Xen Security Advisory 350 v4 (CVE-2020-29569) - Use after free triggered by block frontend in Linux blkback ...