USN-4577-1

Details

Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119)

Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120)

Affected Packages

Ubuntu:18.04:LTSlinux-gke-5.0

Fixed in:

5.0.0-1049.50

Ubuntu:18.04:LTSlinux-gke-5.3

Fixed in:

5.3.0-1038.40

Ubuntu:18.04:LTSlinux-hwe

Fixed in:

5.3.0-68.63

Ubuntu:18.04:LTSlinux-oem-osp1

Fixed in:

5.0.0-1069.75

Ubuntu:18.04:LTSlinux-raspi2-5.3

Fixed in:

5.3.0-1035.37

References

REPORThttps://ubuntu.com/security/CVE-2020-16119 REPORThttps://ubuntu.com/security/CVE-2020-16120 ADVISORYhttps://ubuntu.com/security/notices/USN-4577-1

USN-4577-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline