CVE-2020-13696: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2020-13696) was discovered in LinuxTV xawtv before version 3.107. The issue was found in the v4l-conf setuid-root program, which is designed to allow regular users to configure v4l devices. The vulnerability was discovered by Matthias Gerstner and was disclosed on May 14, 2020 (OSS Security).

The vulnerability exists in the dev_open() function within v4l-conf.c, which contains an insufficient security check that only verifies if a path starts with '/dev/'. This naive check is not safe against relative path components or symlinks in /dev/shm. The function fails to perform adequate checks to prevent an unprivileged caller from opening unintended filesystem paths (OSS Security, Debian Security).

The vulnerability allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and trigger an open operation on arbitrary files with mode O_RDWR. This could lead to information disclosure and privilege escalation (Ubuntu Security, Debian Security).

The vulnerability was fixed in xawtv version 3.107. The fix was implemented through multiple commits in the upstream repository, including commits 31f31f9cbaee7be806cba38e0ff5431bd44b20a3 and 36dc44e68e5886339b4a0fbe3f404fb1a4fd2292. Various distributions have released security updates to address this vulnerability (LinuxTV Git, OpenSUSE Security).