Vulnerabilities > CVE-2020-25284 - Incorrect Authorization vulnerability in multiple products
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a
- https://twitter.com/grsecurity/status/1304537507560919041
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html