Bug 1920474 (CVE-2020-0444) - CVE-2020-0444 kernel: bad kfree in auditfilter.c may lead to escalation of privilege
Summary: CVE-2020-0444 kernel: bad kfree in auditfilter.c may lead to escalation of pr...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-0444
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1814448 1920476 1921019 1921020 1921021 1921022 1921024 1921025 1921026 1921027 1921028 1921031 1921032 1921033 1921034 1921035 1921036 1921037 1921038 1921040 1921041 1921042 1921043 1921044 1921045 1921046 1921047 1921659 1921660 1921661 1921662 1921663 1922175 1922176 1922177 1922178 1922179 1922180 1922181 1922182 1922183 1922184 1951566
Blocks: 1920478
TreeView+ depends on / blocked
 
Reported: 2021-01-26 11:40 UTC by Marian Rehak
Modified: 2022-05-17 08:43 UTC (History)
55 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. A logic error in audit_data_to_entry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-03-03 13:01:51 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:0686 0 None None None 2021-03-02 10:42:27 UTC
Red Hat Product Errata RHSA-2021:0689 0 None None None 2021-03-02 10:43:40 UTC
Red Hat Product Errata RHSA-2021:0763 0 None None None 2021-03-09 09:35:14 UTC
Red Hat Product Errata RHSA-2021:0765 0 None None None 2021-03-09 11:10:11 UTC
Red Hat Product Errata RHSA-2021:0774 0 None None None 2021-03-09 10:23:04 UTC

Description Marian Rehak 2021-01-26 11:40:15 UTC
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference:

https://android.googlesource.com/kernel/common/+/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb

Comment 1 Marian Rehak 2021-01-26 11:46:50 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1920476]

Comment 2 Justin M. Forbes 2021-01-26 20:07:24 UTC
This issue was fixed for Fedora with the 5.5.8 stable kernel updates.

Comment 9 Wade Mealing 2021-01-28 00:44:48 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 13 errata-xmlrpc 2021-03-02 10:42:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0686 https://access.redhat.com/errata/RHSA-2021:0686

Comment 14 errata-xmlrpc 2021-03-02 10:43:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0689 https://access.redhat.com/errata/RHSA-2021:0689

Comment 15 Product Security DevOps Team 2021-03-03 13:01:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-0444

Comment 16 errata-xmlrpc 2021-03-09 09:35:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0763 https://access.redhat.com/errata/RHSA-2021:0763

Comment 17 errata-xmlrpc 2021-03-09 10:22:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0774 https://access.redhat.com/errata/RHSA-2021:0774

Comment 18 errata-xmlrpc 2021-03-09 11:09:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0765 https://access.redhat.com/errata/RHSA-2021:0765


Note You need to log in before you can comment on or make changes to this bug.