CVE-2020-8428
Published: Jan 28, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://www.openwall.com/lists/oss-security/2020/01/28/2 (x_refsource_MISC)
- [oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (mailing-list, x_refsource_MLIST)
- [oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (mailing-list, x_refsource_MLIST)
- https://security.netapp.com/advisory/ntap-20200313-0003/ (x_refsource_CONFIRM)
- openSUSE-SU-2020:0336 (vendor-advisory, x_refsource_SUSE)
- USN-4320-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4318-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4324-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4325-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4319-1 (vendor-advisory, x_refsource_UBUNTU)
- DSA-4667 (vendor-advisory, x_refsource_DEBIAN)
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update (mailing-list, x_refsource_MLIST)
- DSA-4698 (vendor-advisory, x_refsource_DEBIAN)