List:       oss-security
Subject:    [oss-security] CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free
From:       Steve Beattie <steve.beattie () canonical ! com>
Date:       2020-10-13 17:23:52
Message-ID: 20201013172352.GA66549 () nxnw ! org

Hello,

CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free

Hadar Manor reported that by reusing a DCCP socket with an attached
dccps_hc_tx_ccid as a listener, it will be used after being released,
leading to a denial of service or possibly code execution.

It was introduced by:

 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free
 ccid2_hc_tx_sock struct in dccp_disconnect()"

Proposed fixes have been posted to:
  https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/

To mitigate this on systems that have DCCP enabled but do not
use it, block module autoloading by adding the following to
/etc/modprobe.d/blacklist-dccp.conf:

   alias net-pf-2-proto-0-type-6 off
   alias net-pf-2-proto-33-type-6 off
   alias net-pf-10-proto-0-type-6 off
   alias net-pf-10-proto-33-type-6 off

Alternatively, to prevent the dccp module from being loaded entirely,
add:

  blacklist dccp
  install dccp /bin/false

Thanks.

-- 
Steve Beattie
<sbeattie@ubuntu.com>
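
The following shell check is an added example, not part of the original message or of any Canonical tooling. It reports which of the two mitigations above a modprobe.d directory implements and whether dccp is already loaded; the function names and the `--audit` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are this example's own.

# Print modprobe config lines from DIR/*.conf with comments and blank lines
# removed and whitespace normalised.
dccp_conf_lines() {
    dir=$1
    cat "$dir"/*.conf 2>/dev/null |
        sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
            -e 's/^ //' -e 's/ $//' -e '/^$/d'
}

# Echo which of the advisory's two mitigations DIR implements:
#   install-blocked   "install dccp /bin/false" is present
#   autoload-blocked  all four net-pf-*-type-6 aliases are set to "off"
#   unmitigated       neither
# "blacklist dccp" alone is not counted: it only makes modprobe ignore the
# module's own aliases, it does not replace the load command.
dccp_mitigation_status() {
    lines=$(dccp_conf_lines "$1")
    if printf '%s\n' "$lines" | grep -qxF 'install dccp /bin/false'; then
        echo install-blocked
        return 0
    fi
    for a in net-pf-2-proto-0-type-6 net-pf-2-proto-33-type-6 \
             net-pf-10-proto-0-type-6 net-pf-10-proto-33-type-6; do
        printf '%s\n' "$lines" | grep -qxF "alias $a off" ||
            { echo unmitigated; return 0; }
    done
    echo autoload-blocked
}

# modprobe configuration only affects future loads. Succeeds if the dccp
# module is already present in a /proc/modules-format file.
dccp_loaded() {
    grep -q '^dccp ' "${1:-/proc/modules}"
}

if [ "${1:-}" = "--audit" ]; then
    dccp_mitigation_status /etc/modprobe.d
    if dccp_loaded; then echo "dccp is loaded now; the config will not unload it"; fi
fi
```

The check reads one directory per call, so run it against each modprobe.d directory the system uses.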