CVE-2020-13696

Name	CVE-2020-13696
Description	An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2246-1
Debian Bugs	962221

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
xawtv (PTS)	bullseye	3.107-1	fixed
	bookworm	3.107-1.1	fixed
	sid, trixie	3.107-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
xawtv	source	jessie	3.103-3+deb8u1		DLA-2246-1
xawtv	source	(unstable)	3.107-1			962221

Notes

[stretch] - xawtv <no-dsa> (Minor issue)
https://www.openwall.com/lists/oss-security/2020/06/04/6
Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292
But those sill allow to test for arbitrary files and would need:
https://www.openwall.com/lists/oss-security/2020/06/04/6/1