Vulnerabilities > CVE-2020-25221 - Operation on a Resource after Expiration or Release vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/09/10/4
- http://www.openwall.com/lists/oss-security/2020/09/10/4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
- https://security.netapp.com/advisory/ntap-20201001-0003/
- https://security.netapp.com/advisory/ntap-20201001-0003/
- https://www.openwall.com/lists/oss-security/2020/09/08/4
- https://www.openwall.com/lists/oss-security/2020/09/08/4