CVE-2020-16119 log

Severity High
Remote Yes
Type Arbitrary code execution
Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener,  in Linux <= 5.9, it will be used after being released, leading to a denial of service or possibly code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-1247 linux-lts 5.4.93-1 5.4.93-2 High Fixed FS#68257
AVG-1246 linux-zen 5.9.7.zen1-1 5.10.2.zen1-1 High Fixed FS#68257
AVG-1245 linux-hardened 5.9.8.a-1 5.9.9.a-1 High Fixed FS#68257
AVG-1244 linux 5.9.7.arch1-1 5.10.2.arch1-1 High Fixed FS#68257
It was introduced by:

 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free
 ccid2_hc_tx_sock struct in dccp_disconnect()"

Proposed fixes have been posted to:

To mitigate this on systems that have DCCP enabled but do not use it, block module autoloading via adding the following to /etc/modprobe.d/blacklist-dccp.conf:

   alias net-pf-2-proto-0-type-6 off
   alias net-pf-2-proto-33-type-6 off
   alias net-pf-10-proto-0-type-6 off
   alias net-pf-10-proto-33-type-6 off

Alternatively, to prevent the dccp module from being loaded entirely, add:

  blacklist dccp
  install dccp /bin/false