CVE - CVE-2020-8428

CVE-ID
CVE-2020-8428	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20200313-0003/ DEBIAN:DSA-4667 URL:https://www.debian.org/security/2020/dsa-4667 DEBIAN:DSA-4698 URL:https://www.debian.org/security/2020/dsa-4698 MISC:http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6 MISC:https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6 MISC:https://www.openwall.com/lists/oss-security/2020/01/28/2 MLIST:[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html MLIST:[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) URL:http://www.openwall.com/lists/oss-security/2020/01/28/4 MLIST:[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) URL:http://www.openwall.com/lists/oss-security/2020/02/02/1 SUSE:openSUSE-SU-2020:0336 URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html UBUNTU:USN-4318-1 URL:https://usn.ubuntu.com/4318-1/ UBUNTU:USN-4319-1 URL:https://usn.ubuntu.com/4319-1/ UBUNTU:USN-4320-1 URL:https://usn.ubuntu.com/4320-1/ UBUNTU:USN-4324-1 URL:https://usn.ubuntu.com/4324-1/ UBUNTU:USN-4325-1 URL:https://usn.ubuntu.com/4325-1/
Assigning CNA
MITRE Corporation
Date Record Created
20200128	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20200128)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)