[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free
From: Steve Beattie <steve.beattie () canonical ! com>
Date: 2020-10-13 17:23:52
Message-ID: 20201013172352.GA66549 () nxnw ! org
[Download RAW message or body]
Hello,
CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free
Hadar Manor reported that by reusing a DCCP socket with an attached
dccps_hc_tx_ccid as a listener, it will be used after being released,
leading to a denial of service or possibly code execution.
It was introduced by:
2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free
ccid2_hc_tx_sock struct in dccp_disconnect()"
Proposed fixes have been posted to:
https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
To mitigate this on systems that have DCCP enabled but do not
use it, block module autoloading via adding the following to
/etc/modprobe.d/blacklist-dccp.conf:
alias net-pf-2-proto-0-type-6 off
alias net-pf-2-proto-33-type-6 off
alias net-pf-10-proto-0-type-6 off
alias net-pf-10-proto-33-type-6 off
Alternatively, to prevent the dccp module from being loaded entirely,
add:
blacklist dccp
install dccp /bin/false
Thanks.
--
Steve Beattie
<sbeattie@ubuntu.com>
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic