UBUNTU-CVE-2020-24612

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-24612

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-24612

Upstream

CVE-2020-24612

Published

2020-08-24T21:15:00Z

Modified

2026-05-20T16:04:17.166051064Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - low

Summary

[none]

Details

An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA.

References

Affected packages

Ubuntu:14.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20110726-12

2:2.20110726-13

2:2.20131214-1

2:2.20140206-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20140206-1",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20140206-1",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20140206-1",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:16.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20140421-9

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20140421-9",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20140421-9",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20140421-9",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:18.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20161023.1-9

2:2.20161023.1-10

2:2.20171228-1

2:2.20180114-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20180114-1",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20180114-1",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20180114-1",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:20.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20190201-4

2:2.20190201-5

2:2.20190201-6

2:2.20190201-7

2:2.20190201-8

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20190201-8",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20190201-8",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20190201-8",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:22.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20210203-7

2:2.20210203-9

2:2.20210203-10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20210203-10",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20210203-10",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20210203-10",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:24.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20230929-1

2:2.20231010-1

2:2.20231119-1

2:2.20231119-2

2:2.20240202-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20240202-1",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20240202-1",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20240202-1",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:25.10

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20241211-2

2:2.20250213-5

2:2.20250213-6

2:2.20250213-7

2:2.20250213-8

2:2.20250213-9

2:2.20250213-10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20250213-10",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20250213-10",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20250213-10",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"

Ubuntu:26.04:LTS

refpolicy

Package

Name: refpolicy
Purl: pkg:deb/ubuntu/refpolicy?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.20250213-10

2:2.20250213-11

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.20250213-11",
            "binary_name": "selinux-policy-default"
        },
        {
            "binary_version": "2:2.20250213-11",
            "binary_name": "selinux-policy-mls"
        },
        {
            "binary_version": "2:2.20250213-11",
            "binary_name": "selinux-policy-src"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24612.json"