Your submission was sent successfully! Close

CVE-2020-16119

Published: 13 October 2020

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.

From the Ubuntu security team

Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Mitigation

Blacklist the dccp ipv[46] autoloading aliases by adding the following
lines to /etc/modprobe.d/blacklist-dccp.conf:
  alias net-pf-2-proto-0-type-6 off
  alias net-pf-2-proto-33-type-6 off
  alias net-pf-10-proto-0-type-6 off
  alias net-pf-10-proto-33-type-6 off
Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-121.123)
focal
Released (5.4.0-51.56)
groovy Not vulnerable
(5.8.0-23.24)
precise
Released (3.2.0-149.196)
trusty
Released (3.13.0-182.233)
upstream Needs triage

xenial
Released (4.4.0-193.224)
linux-aws
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1086.91)
focal
Released (5.4.0-1028.29)
groovy Not vulnerable
(5.8.0-1010.10)
precise Does not exist

trusty
Released (4.4.0-1081.85)
upstream Needs triage

xenial
Released (4.4.0-1117.131)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1028.29~18.04.1)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.15.0-1085.90~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal
Released (5.4.0-1031.32)
groovy Not vulnerable
(5.8.0-1010.10)
precise Does not exist

trusty
Released (4.15.0-1098.109~14.04.1)
upstream Needs triage

xenial
Released (4.15.0-1098.109~16.04.1)
linux-azure-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1099.110)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1031.32~18.04.1)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal
Released (5.4.0-1028.29)
groovy Not vulnerable
(5.8.0-1008.8)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.15.0-1086.98~16.04.1)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1086.98)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1028.29~18.04.1)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1072.76)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1049.50)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-1038.40)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-68.63)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.15.0-120.122~16.04.1)
linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-51.56~18.04.1)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(was needs-triage now end-of-life)
linux-kvm
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1077.79)
focal
Released (5.4.0-1026.27)
groovy Not vulnerable
(5.8.0-1008.8)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.4.0-1082.91)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

precise
Released (3.13.0-182.233~12.04.1)
trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

precise Does not exist

trusty
Released (4.4.0-193.224~14.04.1)
upstream Needs triage

xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1099.109)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(was needs-triage now end-of-life)
linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.6.0-1031.32)
groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1069.75)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1057.62)
focal
Released (5.4.0-1028.29)
groovy Not vulnerable
(5.8.0-1007.7)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.15.0-1056.61~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1028.29~18.04.1)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1021.24)
groovy Not vulnerable
(5.8.0-1006.9)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-raspi-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1021.24~18.04.1)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1073.78)
focal Ignored
(was needs-triage now end-of-life)
groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.4.0-1141.151)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-1035.37)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-36.41)
groovy Not vulnerable
(5.8.0-7.7)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1089.98)
focal Does not exist

groovy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (4.4.0-1145.155)