CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
5.1%
An issue was discovered in LinuxTV xawtv before 3.107. The function
dev_open() in v4l-conf.c does not perform sufficient checks to prevent an
unprivileged caller of the program from opening unintended filesystem
paths. This allows a local attacker with access to the v4l-conf setuid-root
program to test for the existence of arbitrary files and to trigger an open
on arbitrary files with mode O_RDWR. To achieve this, relative path
components need to be added to the device path, as demonstrated by a
v4l-conf -c /dev/…/root/.bash_history command.
launchpad.net/bugs/cve/CVE-2020-13696
nvd.nist.gov/vuln/detail/CVE-2020-13696
security-tracker.debian.org/tracker/CVE-2020-13696
ubuntu.com/security/notices/USN-4518-1
www.cve.org/CVERecord?id=CVE-2020-13696
www.openwall.com/lists/oss-security/2020/06/04/6
www.openwall.com/lists/oss-security/2020/06/04/6/1
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
5.1%