Bug 1214593 (CVE-2020-21583)

Summary: VUL-0: CVE-2020-21583: util-linux: hwclock(8) SUID privilege escalation
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Sascha Weber <saweber>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: abergmann, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/375965/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-21583:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2023-08-24 15:26:57 UTC
CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated
privileges or execute arbitrary commands via the path parameter when setting the
date.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21583
https://www.cve.org/CVERecord?id=CVE-2020-21583
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804
https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html

Comment 1 Alexander Bergmann 2023-08-24 15:28:04 UTC
The hwclock binary in SLE and openSUSE products does not have the SUID bit set. Therefore our distributions are not affected by this issue.

This bug was only opened as a reference and closed again.