CVE-2020-8016

CVE-2020-8016 is a medium-severity vulnerability in Opensuse Texlive-filesystem with a CVSS 3.x base score of 4.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-367.

Key facts

Description

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.

Frequently asked questions

What is CVE-2020-8016?
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
How severe is CVE-2020-8016?
CVE-2020-8016 has a CVSS 3.x base score of 4.9, rated medium severity. It is exploitable over local access with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
Is CVE-2020-8016 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (20th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2020-8016?
CVE-2020-8016 primarily affects Opensuse Texlive-filesystem. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2020-8016?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2020-8016 published?
CVE-2020-8016 was published on 2020-04-02 and last updated on 2026-06-17.

References

Affected products (2)

More vulnerabilities in Opensuse Texlive-filesystem

All CVEs affecting Opensuse Texlive-filesystem →

Other CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) vulnerabilities

Browse all CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) vulnerabilities →