1. CVE-Search
  2. CVE-2020-13696
ID CVE-2020-13696
Summary An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
References
Vulnerable Configurations
  • cpe:2.3:a:linuxtv:xawtv:3.97:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.97:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.98:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.98:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.99:rc1:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.99:rc1:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.99:rc2:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.99:rc2:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.99:rc3:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.99:rc3:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.99:rc4:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.99:rc4:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.99:rc5:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.99:rc5:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.99:rc6:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.99:rc6:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.100:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.100:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.101:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.101:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.102:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.102:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.103:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.103:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.104:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.104:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.105:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.105:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxtv:xawtv:3.106:*:*:*:*:*:*:*
    cpe:2.3:a:linuxtv:xawtv:3.106:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
CVSS
Base: 3.6 (as of 28-04-2022 - 19:30)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:N
refmap via4
confirm http://www.openwall.com/lists/oss-security/2020/06/04/6
fedora
  • FEDORA-2020-93db553bb7
  • FEDORA-2020-cd5ad916e4
misc
mlist [debian-lts-announce] 20200612 [SECURITY] [DLA 2246-1] xawtv security update
suse
  • openSUSE-SU-2020:0784
  • openSUSE-SU-2020:0787
ubuntu USN-4518-1
Last major update 28-04-2022 - 19:30
Published 08-06-2020 - 17:15
Last modified 28-04-2022 - 19:30
Back to Top