CVE-2020-8428

fs/namei.c in the Linux kernel before 5.5 has a maycreatein_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d0cb50185ae942b03c4327be322055d622dc79f6

Introduced

84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d

Fixed

d0cb50185ae942b03c4327be322055d622dc79f6

Affected versions

v4.*

v4.19

v4.20

v4.20-rc1

v4.20-rc2

v4.20-rc3

v4.20-rc4

v4.20-rc5

v4.20-rc6

v4.20-rc7

v5.*

v5.0

v5.0-rc1

v5.0-rc2

v5.0-rc3

v5.0-rc4

v5.0-rc5

v5.0-rc6

v5.0-rc7

v5.0-rc8

v5.1

v5.1-rc1

v5.1-rc2

v5.1-rc3

v5.1-rc4

v5.1-rc5

v5.1-rc6

v5.1-rc7

v5.2

v5.2-rc1

v5.2-rc2

v5.2-rc3

v5.2-rc4

v5.2-rc5

v5.2-rc6

v5.2-rc7

v5.3

v5.3-rc1

v5.3-rc2

v5.3-rc3

v5.3-rc4

v5.3-rc5

v5.3-rc6

v5.3-rc7

v5.3-rc8

v5.4

v5.4-rc1

v5.4-rc2

v5.4-rc3

v5.4-rc4

v5.4-rc5

v5.4-rc6

v5.4-rc7

v5.4-rc8

v5.5-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8428.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d0cb50185ae942b03c4327be322055d622dc79f6",
        "digest": {
            "line_hashes": [
                "183303694077693542652105288420741792477",
                "61116852360545262404543996809397871158",
                "108169131585767862997235974413383306847",
                "250003972270826441510164165205070654232",
                "299834128296900803710288382407302162609",
                "189371052600217602668406318805593302538",
                "206288608714626840666316676508376668165",
                "163727205447897216483811428033365720349",
                "240423344772130112823087810648492532897",
                "9666057057028252992190421268334340000",
                "94596830910025110861983583047849447837",
                "88169244372375325130152108464674254568",
                "331823685357204683113013178415859990761",
                "40742194807263370911724999433933233056",
                "339153589783023463343199974593753087697",
                "103872134403335947170896002228044714419",
                "339627805777652225839697389390759294583",
                "114180495904910288191649450007108327964",
                "119676733212767097228467114126690476744",
                "199268702131810692232944623352767097849",
                "277171425690539451926974631356131899156",
                "32786349225433459159794653399904935982"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-8428-5f6a36d6",
        "deprecated": false,
        "target": {
            "file": "fs/namei.c"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d0cb50185ae942b03c4327be322055d622dc79f6",
        "digest": {
            "function_hash": "323788569106558752270672372249947951638",
            "length": 3265.0
        },
        "id": "CVE-2020-8428-7da13f94",
        "deprecated": false,
        "target": {
            "file": "fs/namei.c",
            "function": "do_last"
        }
    }
]