fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket if the socket is being moved to a new parent directory and its old parent directory is being removed.

🗓️ 25 Sep 2020 07:00:00Reported by MicrosoftType

Linux kernel before 5.5 has may_create_in_sticky use-after-free in namei; local users can cause OOPS or information leak.

Reporter	Title	Published	Views	Family All 261
Android Security Bulletins	Android Security Bulletin—June 2020Stay organized with collectionsSave and categorize content based on your preferences.	1 Jun 202000:00	–	androidsecurity
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus	22 Feb 202000:41	–	ibm
BDU FSTEC	The vulnerability in the fs/namei.c function of the Linux operating system allows a hacker to cause a service failure.	4 Mar 202000:00	–	bdu_fstec
CBLMariner	CVE-2020-8428 affecting package kernel 5.4.91-6	6 Apr 202123:51	–	cbl_mariner
Cloud Foundry	USN-4318-1: Linux kernel vulnerabilities \| Cloud Foundry	14 May 202000:00	–	cloudfoundry
CNVD	Linux kernel may_create_in_sticky denial-of-service vulnerability	4 Feb 202000:00	–	cnvd
CVE	CVE-2020-8428	28 Jan 202023:43	–	cve
Cvelist	CVE-2020-8428	28 Jan 202023:43	–	cvelist
Debian	[SECURITY] [DLA 2242-1] linux-4.9 security update	10 Jun 202010:48	–	debian
Debian	[SECURITY] [DSA 4667-1] linux security update	28 Apr 202020:33	–	debian