CVE-2020-14386

Source
Severity High
Remote No
Type Privilege escalation
Description
A memory corruption flaw was found in the Linux kernel before 5.9-rc4 in net/packet/af_packet.c. A local attacker with CAP_NET_RAW privileges can exploit this vulnerability to gain root privileges from unprivileged processes.
Group     Package         Affected       Fixed          Severity  Status  Ticket
AVG-1237  linux-hardened  5.7.19.a-1     5.8.a-1        High      Fixed
AVG-1224  linux-zen       5.8.7.zen1-1   5.8.8.zen1-1   High      Fixed
AVG-1223  linux-lts       5.4.63-1       5.4.64-1       High      Fixed
AVG-1222  linux           5.8.7.arch1-1  5.8.8.arch1-1  High      Fixed
References
https://www.openwall.com/lists/oss-security/2020/09/03/3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
Notes
Mitigation: If unprivileged user namespaces are not needed, set the kernel.unprivileged_userns_clone sysctl to 0:

$ sudo sysctl kernel.unprivileged_userns_clone=0

This prevents straightforward exploitation; however, an attacker can still trigger the vulnerability by gaining code execution in an unprivileged process that has the CAP_NET_RAW capability set, if the system does not restrict the capability.
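
To check both halves of this mitigation on a host, the following audit script reports the sysctl state and lists non-root processes that hold CAP_NET_RAW. It is an added example, not part of the original advisory; the optional PROC_ROOT argument and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added audit example, not part of the advisory. The optional PROC_ROOT
# argument is an assumption of this example so it can scan a test tree.

CAP_NET_RAW_BIT=13   # CAP_NET_RAW's number in <linux/capability.h>

# has_cap_net_raw HEXMASK: succeeds if the CapEff-style mask has CAP_NET_RAW.
has_cap_net_raw() {
    case $1 in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( (0x$1 >> $CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

# userns_clone_state [PROC_ROOT]: prints the sysctl value, or "absent" when
# the running kernel does not expose kernel.unprivileged_userns_clone.
userns_clone_state() (
    f="${1:-/proc}/sys/kernel/unprivileged_userns_clone"
    if [ -r "$f" ]; then read -r v < "$f"; echo "$v"; else echo absent; fi
)

# list_net_raw_procs [PROC_ROOT]: prints "PID UID NAME" for every process
# that runs with a non-root effective UID yet holds CAP_NET_RAW.
list_net_raw_procs() (
    for st in "${1:-/proc}"/[0-9]*/status; do
        [ -r "$st" ] || continue
        name= uid= capeff=
        while read -r key a b rest; do
            case $key in
                Name:)   name=$a ;;
                Uid:)    uid=$b ;;      # second number is the effective UID
                CapEff:) capeff=$a ;;
            esac
        done < "$st" 2>/dev/null || continue   # process may have exited
        [ -n "$uid" ] && [ "$uid" != 0 ] || continue
        if has_cap_net_raw "$capeff"; then
            pid=${st%/status}
            echo "${pid##*/} $uid $name"
        fi
    done
)

main() {
    echo "kernel.unprivileged_userns_clone = $(userns_clone_state)"
    echo "Non-root processes holding CAP_NET_RAW (pid uid name):"
    list_net_raw_procs
}
main
```

A value of 0 with an empty process list means neither route described above is open; any listed process should be reviewed to see whether it needs the capability.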