{"id":"CVE-2020-13696","details":"An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.","modified":"2026-03-20T11:32:24.058052Z","published":"2020-06-08T17:15:10.160Z","related":["MGASA-2020-0257","SUSE-SU-2020:1712-1","openSUSE-SU-2020:0784-1","openSUSE-SU-2020:0787-1","openSUSE-SU-2024:11517-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7XWAO7W2DGA6M52JGK2TDWUGF62Q2KY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELOXU5LXQSQOXX64D4BICZV3TQWOBXHC/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00018.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4518-1/"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2020/06/04/6"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696"},{"type":"FIX","url":"https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292"},{"type":"FIX","url":"https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c"},{"type":"FIX","url":"https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3"}],"affected":[{"ranges":[{"type":"GIT","repo":"http://git.linuxtv.org/xawtv3.git","events":[{"introduced":"0"},{"fixed":"8e3feea862db68d3ca0886f46cd99fab45d2db7c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.107"}]}}],"versions":["xawtv-3.100","xawtv-3.102","xawtv-3.103","xawtv-3.104","xawtv-3.105","xawtv-3.106","xawtv-3.97","xawtv-3.98","xawtv-3.99.rc1","xawtv-3.99.rc2","xawtv-3.99.rc3","xawtv-3.99.rc4","xawtv-3.99.rc5","xawtv-3.99.rc6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13696.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}