Bug 1886387 (CVE-2020-16120)
| Summary: | CVE-2020-16120 kernel: incorrect unprivileged overlayfs permission checking may lead to information disclosure | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | acaringi, airlied, bhu, blc, bmasney, dvlasenk, hdegoede, hkrzesin, ichavero, itamar, jarodwilson, jeremy, jforbes, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mjg59, mlangsdo, mszeredi, nmurray, ptalbert, qzhao, rkeshri, rt-maint, rvrbovsk, steved, williams, wmealing |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Doc Text: | A flaw was found in the user namespace on an overlay filesystem in the Linux kernel, where a file with no access privilege could be copied to a user-defined mount point. A local attacker with a special user privilege could use this flaw to cause a kernel information leak. | | |
| Bug Depends On: | 1892250, 1892251, 1892252, 1892253, 1892254, 1892255, 1892256, 1904922, 1904923, 1904924, 1904925, 1904926 | | |
| Bug Blocks: | 1886388 | | |

Description
Marian Rehak
2020-10-08 10:59:58 UTC
It is my understanding that the attacker must have a number of conditions in place for this attack to work correctly. The target file must exist on an overlay filesystem. The target file must be accessible in the namespace. The destination must be writable by the exploiting target. This doesn't mean that the attacker can choose what the target is, only that the information within the original file can be accessed by bypassing existing permissions.

Mitigation: Red Hat feels this flaw needs a number of conditions in place for the attacker to exploit, and the mitigation for this issue is to avoid a target file existing on an overlay filesystem, accessible in the namespace, which is writable by the exploiting target.
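
One way to check the first condition listed above (whether a sensitive file sits on an overlay filesystem) when applying the mitigation. This is an added example, not part of the bug report or any Red Hat tooling; the sample mount table, paths and function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/self/mountinfo format (not taken from the bug report).
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
45 22 0:40 / /var/lib/app/merged rw - overlay overlay rw,lowerdir=/srv/base,upperdir=/srv/up,workdir=/srv/work
46 22 0:41 / /mnt/my\\040data rw - overlay overlay rw,lowerdir=/l1:/l2,upperdir=/u,workdir=/w
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes.
    for code in ("040", "011", "012", "134"):
        field = field.replace("\\" + code, chr(int(code, 8)))
    return field

def parse_mounts(text):
    """Parse mountinfo text into dicts with mountpoint, fstype and super options."""
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        if not sep or len(lf) < 5 or len(rf) < 3:
            continue  # skip malformed lines
        opts = dict(o.partition("=")[::2] for o in rf[2].split(","))
        mounts.append({"mountpoint": _unescape(lf[4]), "fstype": rf[0], "opts": opts})
    return mounts

def overlay_mount_for(path, mounts):
    """Return the overlay mount covering `path`, or None if the deepest
    mount covering it is not overlay. Symlinks are not resolved here."""
    path = os.path.normpath(path)
    best = None
    for m in mounts:
        mp = m["mountpoint"]
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            # ">=" lets a later mount stacked on the same point win
            if best is None or len(mp) >= len(best["mountpoint"]):
                best = m
    return best if best and best["fstype"] == "overlay" else None

if __name__ == "__main__":
    src = "/proc/self/mountinfo"
    text = open(src).read() if os.path.exists(src) else SAMPLE_MOUNTINFO
    mounts = parse_mounts(text)
    for candidate in ("/etc/shadow", "/var/lib/app/merged/etc/secret"):  # hypothetical paths
        hit = overlay_mount_for(candidate, mounts)
        print(candidate, "->", hit["opts"] if hit else "not on overlayfs")
```

Run against the live mount table, any hit for a file that should stay unreadable to unprivileged users is a candidate for moving off the overlay mount.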