Description
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
References (9)
Core 9
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200608-0001/
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4698
Scores
CVSS v3
4.1
EPSS
0.0009
EPSS Percentile
25.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-362
Status
published
Products (1)
linux/linux_kernel
< 5.4.14
Published
May 05, 2020
Tracked Since
Feb 18, 2026