CVE-2020-8428
Debian Security Advisory 4667-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). It was discovered that in the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor could in some situations miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-28 CVE Reserved
- 2020-01-28 CVE Published
- 2024-08-04 CVE Updated
- 2025-05-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html | X_refsource_misc | |
http://www.openwall.com/lists/oss-security/2020/01/28/4 | Mailing List | |
http://www.openwall.com/lists/oss-security/2020/02/02/1 | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200313-0003 | X_refsource_confirm | |
https://www.openwall.com/lists/oss-security/2020/01/28/2 | Mailing List | |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | 2020-06-10 | |
https://usn.ubuntu.com/4318-1 | 2020-06-10 | |
https://usn.ubuntu.com/4319-1 | 2020-06-10 | |
https://usn.ubuntu.com/4320-1 | 2020-06-10 | |
https://usn.ubuntu.com/4324-1 | 2020-06-10 | |
https://usn.ubuntu.com/4325-1 | 2020-06-10 | |
https://www.debian.org/security/2020/dsa-4667 | 2020-06-10 | |
https://www.debian.org/security/2020/dsa-4698 | 2020-06-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 4.19 < 5.5 | - | Affected |