CVE-2020-10942
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
En el kernel de Linux versiones anteriores a 5.5.8, la función get_raw_socket en el archivo drivers/vhost/net.c carece de una comprobación de un campo sk_family, que podría permitir a atacantes desencadenar una corrupción de pila del kernel por medio de llamadas de sistema diseñadas.
A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ictol(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel resulting in DoS issue.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-24 CVE Reserved
- 2020-03-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/04/15/4 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200403-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://lkml.org/lkml/2020/2/15/125 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 | 2022-04-22 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html | 2022-04-22 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 | 2022-04-22 | |
| https://usn.ubuntu.com/4342-1 | 2022-04-22 | |
| https://usn.ubuntu.com/4344-1 | 2022-04-22 | |
| https://usn.ubuntu.com/4345-1 | 2022-04-22 | |
| https://usn.ubuntu.com/4364-1 | 2022-04-22 | |
| https://www.debian.org/security/2020/dsa-4667 | 2022-04-22 | |
| https://www.debian.org/security/2020/dsa-4698 | 2022-04-22 | |
| https://access.redhat.com/security/cve/CVE-2020-10942 | 2020-11-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1817718 | 2020-11-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.5.8 Search vendor "Linux" for product "Linux Kernel" and version " < 5.5.8" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||