CVE-2020-12114: 
Linux Kernel vulnerability analysis and mitigation

A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. The vulnerability was discovered by Piotr Krysiuk and assigned CVE-2020-12114 in May 2020 (OSS Security).

The vulnerability exists due to a race condition between putmountpoint() and pivotroot() operations. One thread increments mcount member of struct mountpoint under namespacesem without holding mountlock, while another thread simultaneously decrements the same mcount under mountlock without holding namespacesem. This allows unprivileged local users to trigger destruction of a mountpoint that is still in use. The CVSS v3.1 base score is 4.7 (Medium) with vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

A successful exploitation of this vulnerability allows local users to cause a denial of service by triggering a kernel panic through corruption of a mountpoint reference counter (OSS Security).

The vulnerability was fixed by grabbing mountlock before updating mcount in pivot_root(). The fix has been merged into all relevant longterm branches by upstream Linux kernel in versions 4.19.119, 4.14.178, 4.9.221, and 4.4.221. Users should upgrade to these or later versions (OSS Security).

Major Linux distributions including Ubuntu, Debian and SUSE released security updates to address this vulnerability. Ubuntu released updates across multiple versions including 20.04 LTS, 19.10, 18.04 LTS and 16.04 LTS (Ubuntu Security). NetApp also released patches for affected products (NetApp Security).