Vulnerability Details : CVE-2020-8428
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2020-8428
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8428
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 8%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8428
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:P | 3.9 | 4.9 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 1.8 | 5.2 | NIST | |
CWE ids for CVE-2020-8428
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8428
- https://usn.ubuntu.com/4318-1/
  USN-4318-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://usn.ubuntu.com/4324-1/
  USN-4324-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://www.openwall.com/lists/oss-security/2020/01/28/4
  oss-security - Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
  [SECURITY] [DLA 2242-1] linux-4.9 security update
- https://usn.ubuntu.com/4320-1/
  USN-4320-1: Linux kernel vulnerability | Ubuntu security notices
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
  kernel/git/torvalds/linux.git - Linux kernel source tree (Mailing List; Patch; Vendor Advisory)
- https://usn.ubuntu.com/4319-1/
  USN-4319-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
  Kernel Live Patch Security Notice LSN-0065-1 ≈ Packet Storm
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
  [security-announce] openSUSE-SU-2020:0336-1: important: Security update
- https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6
  do_last(): fetch directory ->i_mode and ->i_uid before it's too late · torvalds/linux@d0cb501 · GitHub (Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/02/02/1
  oss-security - Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)
- https://www.debian.org/security/2020/dsa-4667
  Debian -- Security Information -- DSA-4667-1 linux
- https://usn.ubuntu.com/4325-1/
  USN-4325-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://www.debian.org/security/2020/dsa-4698
  Debian -- Security Information -- DSA-4698-1 linux
- https://security.netapp.com/advisory/ntap-20200313-0003/
  February 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
- https://www.openwall.com/lists/oss-security/2020/01/28/2
  oss-security - Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (Mailing List; Third Party Advisory)