APPLIED Re: [SRU Focal:oem-5.6 0/1] CVE-2020-26088

Timo Aaltonen tjaalton at ubuntu.com
Tue Oct 6 13:27:22 UTC 2020


On 29.9.2020 14.31, Thadeu Lima de Souza Cascardo wrote:
> [Impact/Description]
>   A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in
>   the Linux kernel before 5.8.2 could be used by local attackers to create
>   raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
> 
> [Test case]
> I tried creating a socket(AF_NFC, SOCK_RAW, 0);.
> 
> It should fail with EPERM as an unprivileged user, that is, one without
> CAP_NET_RAW. It should work as a privileged user.
> 
> The test passes (that is, socket returns EPERM) with the latest 5.4 kernel, it
> fails with the latest oem-5.6 kernel, and passes with an oem-5.6 kernel with
> this patch applied.
> 
> [Potential regression]
> Userspace that relies on such behavior (creating RAW NFC sockets without
> CAP_NET_RAW) will break.
> 
> Qingyu Li (1):
>    net/nfc/rawsock.c: add CAP_NET_RAW check.
> 
>   net/nfc/rawsock.c | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
> 

applied to oem-5.6, thanks


-- 
t
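
The test case from the quoted cover letter, written out as an added example (not part of the original thread or of the kernel patch). The function names, the verdict enum and the use of the CapEff line in /proc/self/status to decide whether the caller holds CAP_NET_RAW are assumptions of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef AF_NFC
#define AF_NFC 39            /* Linux value, for older libc headers */
#endif
#define CAP_NET_RAW_BIT 13   /* CAP_NET_RAW in linux/capability.h */

enum verdict { PATCHED, VULNERABLE, PRIVILEGED_OK, INCONCLUSIVE };

/* 1/0: CAP_NET_RAW set/clear in a "CapEff:" line; -1: not a CapEff line. */
int capeff_has_net_raw(const char *line) {
    unsigned long long mask;
    if (sscanf(line, "CapEff: %llx", &mask) != 1) return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1);
}

/* Map (capability, socket() outcome) to the result the test case expects. */
enum verdict classify(int has_net_raw, int sock_ok, int err) {
    if (has_net_raw == 1) return sock_ok ? PRIVILEGED_OK : INCONCLUSIVE;
    if (has_net_raw == 0 && sock_ok) return VULNERABLE;   /* check missing */
    if (has_net_raw == 0 && err == EPERM) return PATCHED;
    return INCONCLUSIVE;  /* e.g. EAFNOSUPPORT: NFC not built or loaded */
}

enum verdict run_check(void) {
    char line[256];
    int has = -1, fd, err;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        while (has < 0 && fgets(line, sizeof line, f))
            has = capeff_has_net_raw(line);
        fclose(f);
    }
    errno = 0;
    fd = socket(AF_NFC, SOCK_RAW, 0);   /* the call from the test case */
    err = errno;
    if (fd >= 0) close(fd);
    return classify(has, fd >= 0, err);
}

int main(void) {
    static const char *names[] = { "patched", "VULNERABLE", "privileged-ok", "inconclusive" };
    enum verdict v = run_check();
    printf("AF_NFC SOCK_RAW as this user: %s\n", names[v]);
    return v == VULNERABLE;   /* non-zero exit flags an unpatched kernel */
}
```

Run it once as an unprivileged user and once as root; "inconclusive" means the kernel under test has no NFC socket support available, so the result says nothing about the fix.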