CVE-2020-16119 - log

CVE-2020-16119 edited at 14 Oct 2020 15:55:20
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener, in Linux <= 5.9, it will be used after being released, leading to a denial of service or possibly code execution.
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
+ It was introduced by:
+
+ 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free
+ ccid2_hc_tx_sock struct in dccp_disconnect()"
+
+ Proposed fixes have been posted to:
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
+
+ To mitigate this on systems that have DCCP enabled but do not use it, block module autoloading via adding the following to /etc/modprobe.d/blacklist-dccp.conf:
+
+ alias net-pf-2-proto-0-type-6 off
+ alias net-pf-2-proto-33-type-6 off
+ alias net-pf-10-proto-0-type-6 off
+ alias net-pf-10-proto-33-type-6 off
+
+ Alternatively, to prevent the dccp module from being loaded entirely, add:
+
+ blacklist dccp
+ install dccp /bin/false
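
The following audit script is an added example, not part of the tracker entry or of any project's code. It reports which of the two mitigations in the notes above a modprobe configuration implements; the directory list, function names and status words are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: report which of the two DCCP mitigations a modprobe
# configuration implements. Directory list and status words are this
# example's own choices (assumptions), not taken from the advisory.

DCCP_ALIASES="net-pf-2-proto-0-type-6 net-pf-2-proto-33-type-6
net-pf-10-proto-0-type-6 net-pf-10-proto-33-type-6"

# Print all *.conf lines, dropping comment lines and normalising whitespace.
_modprobe_lines() {
    local dir
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        cat "$dir"/*.conf 2>/dev/null
    done | sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]]\{1,\}/ /g' \
               -e 's/^ //' -e 's/ $//'
}

# Prints blocked-module, blocked-autoload or unmitigated; returns 1 for the last.
dccp_mitigation_status() {
    local lines a missing=0
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
    lines=$(_modprobe_lines "$@")
    # "blacklist dccp" alone only ignores the module's built-in aliases;
    # the install override is what makes every load attempt fail.
    if printf '%s\n' "$lines" | grep -Fxq 'install dccp /bin/false'; then
        echo blocked-module
        return 0
    fi
    # Autoload block: all four socket-family aliases must be switched off.
    for a in $DCCP_ALIASES; do
        printf '%s\n' "$lines" | grep -Fxq "alias $a off" || missing=1
    done
    if [ "$missing" -eq 0 ]; then
        echo blocked-autoload
        return 0
    fi
    echo unmitigated
    return 1
}

# Demo on a constructed config directory (not read from a real system).
demo_dir=$(mktemp -d)
printf 'blacklist dccp\n' > "$demo_dir/blacklist-dccp.conf"
dccp_mitigation_status "$demo_dir" || true
printf 'install dccp /bin/false\n' >> "$demo_dir/blacklist-dccp.conf"
dccp_mitigation_status "$demo_dir"
rm -rf "$demo_dir"
```

Called without arguments, the function reads the standard modprobe.d directories on the host. On a live system, `modprobe -n -v dccp` shows the command that a load attempt would run.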
CVE-2020-16119 created at 14 Oct 2020 15:48:59