oss-sec mailing list archives
CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free
From: Steve Beattie <steve.beattie () canonical com>
Date: Tue, 13 Oct 2020 10:23:52 -0700
Hello, CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener, it will be used after being released, leading to a denial of service or possibly code execution. It was introduced by: 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()" Proposed fixes have been posted to: https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza () canonical com/T/ To mitigate this on systems that have DCCP enabled but do not use it, block module autoloading via adding the following to /etc/modprobe.d/blacklist-dccp.conf: alias net-pf-2-proto-0-type-6 off alias net-pf-2-proto-33-type-6 off alias net-pf-10-proto-0-type-6 off alias net-pf-10-proto-33-type-6 off Alternatively, to prevent the dccp module from being loaded entirely, add: blacklist dccp install dccp /bin/false Thanks. -- Steve Beattie <sbeattie () ubuntu com>
Attachment:
signature.asc
Description:
Current thread:
- CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free Steve Beattie (Oct 13)