A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
28 Apr 2022, 18:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
|
CWE | CWE-787 | |
First Time |
Debian debian Linux
Debian Opensuse leap Canonical ubuntu Linux Canonical Opensuse |
|
References | (UBUNTU) https://usn.ubuntu.com/4578-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4525-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4527-1/ - Third Party Advisory |
Information
Published : 2020-09-09 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-25212
Mitre link : CVE-2020-25212
CVE.ORG link : CVE-2020-25212
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
canonical
- ubuntu_linux
opensuse
- leap