CVE-2020-25284
MEDIUMLinux Kernel < 5.8.9 - Incorrect Authorization in rbd Block Device Driver
Title source: llmDescription
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a
Third Party Advisory x_refsource_misc
https://twitter.com/grsecurity/status/1304537507560919041
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Scores
CVSS v3
4.1
EPSS
0.0008
EPSS Percentile
22.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (3)
debian/debian_linux
9.0
linux/linux_kernel
< 5.8.9
opensuse/leap
15.1
Published
Sep 13, 2020
Tracked Since
Feb 18, 2026