Published: 16/09/2020 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A flaw was found in the Linux kernel prior to 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 5.9.0
linux linux kernel
debian debian linux 9.0
fedoraproject fedora 33
opensuse leap 15.1

Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...

Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

An issue has been reported in the Linux kernel's handling of raw sockets This issue can be used locally to cause denial of service or local privilege escalation from unprivileged processes or from containers with the CAP_NET_RAW capability enabled See Also: marcinfo/?l=linux-netdev&m=159915549623724&w=2wwwopenwallcom/li ...

In binder_release_work of binderc, there is a possible use-after-free due to improper locking This could lead to local escalation of privilege in the kernel with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A (<a href=http ...

A local attacker with CAP_NET_RAW privileges can escalate privileges via a memory corruption in net/packet/af_packetc ...

A flaw was found in the Linux kernel Memory corruption can be exploited to gain root privileges from unprivileged processes The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-14386) ...

oss-sec mailing list archives   By Date By Thread </form>    Re: Containers-optimized OS (COS) membership in the linux-distros list   ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2020-14386: Linux kernel: af_packetc vulnerability   From: Or Cohen ...

Reproducer for CVE-2020-14386 Pre-built container: registrysvcciopenshiftorg/coreos/cve-2020-14386 You probably want to test against an explicit node, like this: apiVersion: v1 kind: Pod metadata: name: cve-2020-14386 spec: restartPolicy: Never nodeName: <yournode> containers: - name: cve-2020-14386 image: registrysvcciopenshiftorg/coreos/cve

A daily digest of the articles or videos I've found interesting, that I want to share with you.

Almost every single day I TLDR! Here, I list all the articles, blog posts, pages I've read, or videos I've watched, that I found interesting It's like a huge shared bookmarks registry with y'all! Or it's like a daily newsletter without newsletter Use Ctrl+F and find what you want Fun fact: Github only displays the readme until ~5000 lines I'm r

CVE type CVE-2020-14386 linux Network CVE-2020-27194 linux eBPF CVE-2020-8835 linux eBPF

CWE-787 https://seclists.org/oss-sec/2020/q3/146 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security/2021/09/21/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:4331 https://github.com/sderosiaux/every-single-day-i-tldr https://alas.aws.amazon.com/ALAS-2020-1430.html

Get Started

CVE-2020-14386

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect