CVE-2020-10942
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
Public Exploits: 1
Exploited in Wild: -
Descriptions
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ioctl(VHOST_NET_SET_BACKEND) call and retrieving the socket name into a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel, resulting in a DoS.
Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
Timeline
- 2020-03-24 CVE Reserved
- 2020-03-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
References (17)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/04/15/4 | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200403-0003 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://lkml.org/lkml/2020/2/15/125 | 2024-08-04 | |

URL | Date | SRC |
---|---|---|
https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 | 2022-04-22 | |

URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html | 2022-04-22 | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 | 2022-04-22 | |
https://usn.ubuntu.com/4342-1 | 2022-04-22 | |
https://usn.ubuntu.com/4344-1 | 2022-04-22 | |
https://usn.ubuntu.com/4345-1 | 2022-04-22 | |
https://usn.ubuntu.com/4364-1 | 2022-04-22 | |
https://www.debian.org/security/2020/dsa-4667 | 2022-04-22 | |
https://www.debian.org/security/2020/dsa-4698 | 2022-04-22 | |
https://access.redhat.com/security/cve/CVE-2020-10942 | 2020-11-04 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1817718 | 2020-11-04 | |

Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 5.5.8 | - | Affected |
Opensuse | Leap | 15.1 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Canonical | Ubuntu Linux | 14.04 | esm | Affected |
Canonical | Ubuntu Linux | 16.04 | esm | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |