Lucene search

K

[email protected]NVD:CVE-2020-8428

HistoryJan 29, 2020 - 12:15 a.m.

CVE-2020-8428

2020-01-2900:15:10

CWE-416

[email protected]

web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.

Affected configurations

NVD

Node

linuxlinux_kernelRange4.19–5.5

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html

www.openwall.com/lists/oss-security/2020/01/28/4

www.openwall.com/lists/oss-security/2020/02/02/1

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6

github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6

lists.debian.org/debian-lts-announce/2020/06/msg00012.html

security.netapp.com/advisory/ntap-20200313-0003/

usn.ubuntu.com/4318-1/

usn.ubuntu.com/4319-1/

usn.ubuntu.com/4320-1/

usn.ubuntu.com/4324-1/

usn.ubuntu.com/4325-1/

www.debian.org/security/2020/dsa-4667

www.debian.org/security/2020/dsa-4698

www.openwall.com/lists/oss-security/2020/01/28/2

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

Related for NVD:CVE-2020-8428

cve1 photon6 prion1 cbl_mariner1 ubuntu6 cvelist1 openvas21 redhatcve1 nessus21 ubuntucve1 debiancve1 cloudfoundry1 mageia2 osv3 debian5 threatpost1 ibm1 suse1