CVE-2020-15530

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-362
View all →

Vulnerability Description

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.

Related Vulnerabilities

CVE-2014-9914

HIGH
CVSS:7.8(High)

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by l...

CWE-3622014

CVE-2016-3914

HIGH
CVSS:7.8(High)

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attacke...

CWE-3622016

CVE-2016-7911

HIGH
CVSS:7.8(High)

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted iopr...

CWE-3622016

CVE-2016-8655

HIGH
CVSS:7.8(High)

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability...

CWE-3622016

CVE-2016-9038

HIGH
CVSS:7.8(High)

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corr...

CWE-3622016

CVE-2016-9794

HIGH
CVSS:7.8(High)

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or p...

CWE-3622016