CVE-2020-16119 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener,  in Linux <= 5.9, it will be used after being released, leading to a denial of service or possibly code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-1247 linux-lts 5.4.76-1 High Vulnerable
AVG-1246 linux-zen 5.9.7.zen1-1 High Vulnerable
AVG-1245 linux-hardened 5.9.8.a-1 High Vulnerable
AVG-1244 linux 5.9.7.arch1-1 High Vulnerable
References
https://www.openwall.com/lists/oss-security/2020/10/13/7
https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
It was introduced by:

 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free
 ccid2_hc_tx_sock struct in dccp_disconnect()"

Proposed fixes have been posted to:
  https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/

To mitigate this on systems that have DCCP enabled but do not use it, block module autoloading via adding the following to /etc/modprobe.d/blacklist-dccp.conf:

   alias net-pf-2-proto-0-type-6 off
   alias net-pf-2-proto-33-type-6 off
   alias net-pf-10-proto-0-type-6 off
   alias net-pf-10-proto-33-type-6 off

Alternatively, to prevent the dccp module from being loaded entirely, add:

  blacklist dccp
  install dccp /bin/false