Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2020-8428

Published: 29/01/2020 Updated: 10/06/2020
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Linux

Vulnerability Summary

fs/namei.c in the Linux kernel prior to 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Ubuntu Security Notice: linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-hwe vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerability
The system could be made to crash or expose sensitive information ...
Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Debian Security Advisories: DSA-4667-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak CVE-2020-2732 Paulo Bonzini discovered that the KVM implementation for Intel processors did not properly handle instruction emulation for L2 guests when nested virtualization is enabled This ...
Debian Security Advisories: DSA-4698-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibl ...

Mailing Lists

Full Disclosure: Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) <!--X-Subject-Header-End--> <!--X ...

References

CWE-416https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6https://www.openwall.com/lists/oss-security/2020/01/28/2https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6http://www.openwall.com/lists/oss-security/2020/01/28/4http://www.openwall.com/lists/oss-security/2020/02/02/1https://security.netapp.com/advisory/ntap-20200313-0003/http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.htmlhttps://usn.ubuntu.com/4320-1/https://usn.ubuntu.com/4318-1/http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.htmlhttps://usn.ubuntu.com/4324-1/https://usn.ubuntu.com/4325-1/https://usn.ubuntu.com/4319-1/https://www.debian.org/security/2020/dsa-4667https://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlhttps://www.debian.org/security/2020/dsa-4698https://nvd.nist.govhttps://usn.ubuntu.com/4324-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook