AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-29374: An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (

lowvulnerability

security

Source: NVD/CVE DatabaseNovember 28, 2020CVE-2020-29374

Summary

A bug was found in the Linux kernel before version 5.7.3 in the get_user_pages function (a mechanism that allows programs to access memory pages), where it incorrectly grants write access when it should only allow read access for copy-on-write pages (memory regions shared between processes that are copied when modified). This happens because the function doesn't properly respect read-only restrictions, creating a security vulnerability.

Solution / Mitigation

Update the Linux kernel to version 5.7.3 or later. A patch is available at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f. Debian users should refer to security updates referenced in the Debian mailing list announcements and DSA-5096.

Vulnerability Details

CVSS Score

3.6(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrity

Taxonomy References

CWE (Weakness Type)

CWE-362 CWE-863

CAPEC (Attack Pattern)

CAPEC-122 CAPEC-26

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-29374

First tracked: February 15, 2026 at 08:35 PM

Classified by LLM (prompt v3) · confidence: 60%