Lucene search

[email protected]CVE-2020-8428

HistoryJan 29, 2020 - 12:15 a.m.

CVE-2020-8428

2020-01-2900:15:00

CWE-416

[email protected]

web.nvd.nist.gov

307

cve-2020-8428

linux kernel

vulnerability

denial of service

information disclosure

nvd

security advisory

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.6 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.5

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.5

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html

www.openwall.com/lists/oss-security/2020/01/28/4

www.openwall.com/lists/oss-security/2020/02/02/1

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6

github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6

lists.debian.org/debian-lts-announce/2020/06/msg00012.html

security.netapp.com/advisory/ntap-20200313-0003/

usn.ubuntu.com/4318-1/

usn.ubuntu.com/4319-1/

usn.ubuntu.com/4320-1/

usn.ubuntu.com/4324-1/

usn.ubuntu.com/4325-1/

www.debian.org/security/2020/dsa-4667

www.debian.org/security/2020/dsa-4698

www.openwall.com/lists/oss-security/2020/01/28/2

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.6 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2020-8428

prion1 cbl_mariner1 photon6 ubuntu6 nessus21 openvas21 redhatcve1 ubuntucve1 debiancve1 cloudfoundry1 mageia2 osv3 debian5 threatpost1 ibm1 suse1