Bug 1886374 (CVE-2020-16119)
| Summary: | CVE-2020-16119 kernel: DCCP CCID structure use-after-free may lead to DoS or code execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, airlied, asavkov, bhu, blc, bmasney, brdeoliv, bskeggs, chaekim, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jiji, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, lilhuang, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, pmatouse, ptalbert, qzhao, rhandlin, rt-maint, rvrbovsk, sdubroca, security-response-team, steved, sukulkar, williams, wmealing, ycote, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service (DoS) or a potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-08 01:23:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1887675, 1887676, 1887680, 1887682, 1887683, 1887684, 1887685, 1887686, 1887687, 1887688, 1887689, 1887691, 1887692, 1887696, 1887697, 1887698, 1887699, 1887700, 1887701, 1887702, 1888083, 1888198, 1888199, 1888200, 1888201 | ||
| Bug Blocks: | 1886377 | ||
|
Description
Marian Rehak
2020-10-08 10:20:56 UTC
Mitigation: Red Hat has previously automatically blacklisted the DCCP module in Red Hat Enterprise Linux 7.5 and later in /etc/modprobe.d/dccp-blacklist.conf. If this file does not exist with the above contents, the module can be prevented loading by running the command # echo "install dccp /bin/true" >> /etc/modprobe.d/dccp-blacklist.conf The system will need to be restarted if the DCCP module is loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services. Meta: The DCCP protocol is not a 'built in' or autoloaded protocol. A networked system sending DCCP packets to another host will not automatically load the dccp kernel module. The host must been or be using the DCCP protocol for it to load the kernel module on-demand. External References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16119 https://www.openwall.com/lists/oss-security/2020/10/13/7 https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1888083] FEDORA-2020-ce117eff51 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. I spent some time further confirming the bahvior. No RH products are affected as the commit is definitley required to work correctly. I hope that answers your question chaekim. |