Vulnerabilities > CVE-2020-25284 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 4.1 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
high complexity
linux
debian
opensuse
CWE-863

Summary

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.

Vulnerable Configurations

Part Description Count
OS
Linux
4588
OS
Debian
1
OS
Opensuse
1

Common Weakness Enumeration (CWE)