CVE-2020-16119 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener, in Linux <= 5.9, it will be used after being released, leading to a denial of service or possibly code execution. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1247 | linux-lts | 5.4.93-1 | 5.4.93-2 | High | Fixed | FS#68257 |
| AVG-1246 | linux-zen | 5.9.7.zen1-1 | 5.10.2.zen1-1 | High | Fixed | FS#68257 |
| AVG-1245 | linux-hardened | 5.9.8.a-1 | 5.9.9.a-1 | High | Fixed | FS#68257 |
| AVG-1244 | linux | 5.9.7.arch1-1 | 5.10.2.arch1-1 | High | Fixed | FS#68257 |
| References |
|---|
https://www.openwall.com/lists/oss-security/2020/10/13/7 https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ |
| Notes |
|---|
It was introduced by: 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()" Proposed fixes have been posted to: https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ To mitigate this on systems that have DCCP enabled but do not use it, block module autoloading via adding the following to /etc/modprobe.d/blacklist-dccp.conf: alias net-pf-2-proto-0-type-6 off alias net-pf-2-proto-33-type-6 off alias net-pf-10-proto-0-type-6 off alias net-pf-10-proto-33-type-6 off Alternatively, to prevent the dccp module from being loaded entirely, add: blacklist dccp install dccp /bin/false |