The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284
Reference (s):
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a
- https://twitter.com/grsecurity/status/1304537507560919041
- MLIST:[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- URL: https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- MLIST:[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update