oss-sec mailing list archives

CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free


From: Steve Beattie <steve.beattie@canonical.com>
Date: Tue, 13 Oct 2020 10:23:52 -0700

Hello,

CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free

Hadar Manor reported that by reusing a DCCP socket with an attached
dccps_hc_tx_ccid as a listener, it will be used after being released,
leading to a denial of service or possibly code execution.

It was introduced by:

 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free
 ccid2_hc_tx_sock struct in dccp_disconnect()"

Proposed fixes have been posted to:
  https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/

To mitigate this on systems that have DCCP enabled but do not
use it, block module autoloading by adding the following to
/etc/modprobe.d/blacklist-dccp.conf:

   alias net-pf-2-proto-0-type-6 off
   alias net-pf-2-proto-33-type-6 off
   alias net-pf-10-proto-0-type-6 off
   alias net-pf-10-proto-33-type-6 off

Alternatively, to prevent the dccp module from being loaded entirely,
add:

  blacklist dccp
  install dccp /bin/false

Thanks.

-- 
Steve Beattie
<sbeattie@ubuntu.com>
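The modprobe mitigation above, as an added POSIX sh helper that is not part of the advisory or of Canonical's tooling: it writes both recommended fragments (the socket-autoload aliases and the blacklist/install lines) into one file, verifies that every line is present, and reports two cases where a modprobe-only mitigation is not enough: dccp is already loaded, or dccp is built into the kernel. The alias decoding in the comments follows the kernel's `net-pf-<family>-proto-<protocol>-type-<type>` autoload naming (AF_INET = 2, AF_INET6 = 10, IPPROTO_DCCP = 33, SOCK_DCCP = 6). The function names, the config path argument and the `check`/`apply` sub-commands are this example's own choices.

```shell
#!/bin/sh
# Added example: write/verify the CVE-2020-16119 modprobe mitigation.
#
# Alias names map to socket(2) arguments the kernel uses when it asks
# for a module:  net-pf-<family>-proto-<protocol>-type-<type>
#   pf-2 = AF_INET, pf-10 = AF_INET6
#   proto-0 = unspecified protocol, proto-33 = IPPROTO_DCCP
#   type-6 = SOCK_DCCP
# Pointing them at "off" stops socket(AF_INET*, SOCK_DCCP, ...) from
# autoloading dccp; "blacklist" + "install ... /bin/false" also stops an
# explicit modprobe.  Neither helps if dccp is built into the kernel.

DCCP_CONF_DEFAULT=/etc/modprobe.d/blacklist-dccp.conf

# The lines from the advisory, both fragments combined.
dccp_blacklist_lines() {
    cat <<'EOF'
alias net-pf-2-proto-0-type-6 off
alias net-pf-2-proto-33-type-6 off
alias net-pf-10-proto-0-type-6 off
alias net-pf-10-proto-33-type-6 off
blacklist dccp
install dccp /bin/false
EOF
}

# Overwrite the config file (path argument so tests can use a temp file).
dccp_blacklist_write() {
    dccp_blacklist_lines > "${1:-$DCCP_CONF_DEFAULT}"
}

# Strip comments, collapse whitespace, drop blank lines, so a hand-edited
# file with extra spacing still passes the check.
dccp_conf_normalized() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# 0 if every recommended line is present in the file, 1 otherwise.
dccp_blacklist_check() {
    conf="${1:-$DCCP_CONF_DEFAULT}"
    [ -r "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    missing=0
    for line in "alias net-pf-2-proto-0-type-6 off" \
                "alias net-pf-2-proto-33-type-6 off" \
                "alias net-pf-10-proto-0-type-6 off" \
                "alias net-pf-10-proto-33-type-6 off" \
                "blacklist dccp" \
                "install dccp /bin/false"; do
        if ! dccp_conf_normalized "$conf" | grep -Fxq -- "$line"; then
            echo "not found in $conf: $line" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# 0 if the dccp module is loaded right now (config only affects future loads).
dccp_module_loaded() {
    [ -r /proc/modules ] && grep -q '^dccp ' /proc/modules
}

# 0 if dccp is compiled into the running kernel (modprobe config is moot).
dccp_module_builtin() {
    f="/lib/modules/$(uname -r)/modules.builtin"
    [ -r "$f" ] && grep -q '/dccp\.ko$' "$f"
}

# Human-readable status; returns 1 if the mitigation is not fully in place.
dccp_report() {
    conf="${1:-$DCCP_CONF_DEFAULT}"
    dccp_module_builtin && echo "WARNING: dccp is built in; modprobe config cannot block it"
    dccp_module_loaded  && echo "WARNING: dccp is currently loaded; unload or reboot after configuring"
    if dccp_blacklist_check "$conf"; then
        echo "mitigation present in $conf"
    else
        echo "mitigation NOT fully present in $conf"
        return 1
    fi
}

# Usage: sh dccp-mitigation.sh check [conf]   |   sh dccp-mitigation.sh apply [conf]
case "${1:-}" in
    check) dccp_report "${2:-$DCCP_CONF_DEFAULT}" ;;
    apply) dccp_blacklist_write "${2:-$DCCP_CONF_DEFAULT}" && dccp_report "${2:-$DCCP_CONF_DEFAULT}" ;;
esac
```

Run `apply` as root, then `check` on each host; a non-zero exit from `check` is what a fleet-wide compliance script should alert on. The loaded/built-in warnings matter because the config file only influences future module requests, so a host that already has dccp resident stays exposed until the module is unloaded or the kernel is replaced.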
