Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8428
HistoryJan 29, 2020 - 12:00 a.m.

CVE-2020-8428

2020-01-2900:00:00
ubuntu.com
ubuntu.com
24

0.0004 Low

EPSS

Percentile

9.7%

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky
use-after-free, which allows local users to cause a denial of service
(OOPS) or possibly obtain sensitive information from kernel memory, aka
CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX
domain socket, if the socket is being moved to a new parent directory and
its old parent directory is being removed.

Notes

Author Note
alexmurray Original fix caused a regression so need second commit as well
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-96.97UNKNOWN
ubuntu19.10noarchlinux< 5.3.0-46.38UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-177.207UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1065.69UNKNOWN
ubuntu19.10noarchlinux-aws< 5.3.0-1016.17UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1065.69) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1105.116UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1065.69~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure< 5.0.0-1036.38UNKNOWN
ubuntu19.10noarchlinux-azure< 5.3.0-1019.20UNKNOWN
Rows per page:
1-10 of 411