CVE-2020-13696

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13696
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13696.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13696
Related
Published
2020-06-08T17:15:10Z
Modified
2024-07-03T02:45:15.043435Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in LinuxTV xawtv before 3.107. The function devopen() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.

References

Affected packages

Git / git.linuxtv.org/xawtv3.git

Affected ranges

Type
GIT
Repo
http://git.linuxtv.org/xawtv3.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8e3feea862db68d3ca0886f46cd99fab45d2db7c

Affected versions

xawtv-3.*

xawtv-3.100
xawtv-3.102
xawtv-3.103
xawtv-3.104
xawtv-3.105
xawtv-3.106
xawtv-3.97
xawtv-3.98
xawtv-3.99.rc1
xawtv-3.99.rc2
xawtv-3.99.rc3
xawtv-3.99.rc4
xawtv-3.99.rc5
xawtv-3.99.rc6