{
  "threat_severity" : "Moderate",
  "public_date" : "2020-06-03T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check",
    "id" : "1903244",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1903244"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-362",
  "details" : [ "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.", "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check." ],
  "statement" : "This flaw has been rated as having Moderateimpact because, based on Red Hat's assessment, this issue is hard to exploit in practice because the race window is too small for it to be reliable.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4140",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-348.rt7.130.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4356",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-348.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-06-28T00:00:00Z",
    "advisory" : "RHSA-2022:5224",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv",
    "package" : "kernel-rt-0:4.18.0-193.87.1.rt13.137.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-06-28T00:00:00Z",
    "advisory" : "RHSA-2022:5220",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kernel-0:4.18.0-193.87.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5633",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.57.1.rt7.129.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5626",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "kernel-0:4.18.0-305.57.1.el8_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-29368\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29368" ],
  "name" : "CVE-2020-29368",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}