1796939 – (CVE-2020-8428) CVE-2020-8428 kernel: use-after-free in fs/namei.c

Bug 1796939 (CVE-2020-8428) - CVE-2020-8428 kernel: use-after-free in fs/namei.c

Summary: CVE-2020-8428 kernel: use-after-free in fs/namei.c

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-8428
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1796940
Blocks:	1796943
TreeView+	depends on / blocked

Reported:	2020-01-31 15:00 UTC by Dhananjay Arunesh
Modified:	2023-03-24 16:55 UTC (History)
CC List:	47 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel. The may_create_in_sticky in fs/namei.c function has a possible use-after-free which can allow a local user to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2020-09-24 14:41:06 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2020-01-31 15:00:10 UTC

A vulnerability was found in may_create_in_sticky in fs/namei.c of Linux kernel which has a possible use-after-free. This can allow a local user to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory. One attack vector may be an open system call for a UNIX domain socket if the socket file is being moved to a new parent directory and its old parent directory is being removed.

At this time no Red Hat products are affected by this flaw.

Reference:
http://www.openwall.com/lists/oss-security/2020/01/28/4
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6
https://www.openwall.com/lists/oss-security/2020/01/28/2

Comment 1 Dhananjay Arunesh 2020-01-31 15:00:40 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1796940]

Comment 2 Justin M. Forbes 2020-02-03 22:35:24 UTC

This was fixed for Fedora with the 5.4.16 stable kernel updates.

Comment 5 Wade Mealing 2020-02-04 02:40:30 UTC

I have requested a backport of the security feature here: https://bugzilla.redhat.com/show_bug.cgi?id=1797843 for Red Hat Enterprise Linux 8.

Comment 6 Wade Mealing 2020-02-07 03:28:41 UTC

Just to be clear, Red Hat Enterprise 8 is -not- affected by this flaw, the security feature has the flaw.

Comment 8 Product Security DevOps Team 2020-09-24 14:41:06 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8428

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bdettelb
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
esandeen
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
qzhao
rt-maint
rvrbovsk
steved
williams
wmealing
yozone