APPLIED Re: [SRU Focal:oem-5.6 0/1] CVE-2020-26088
tjaalton at ubuntu.com
Tue Oct 6 13:27:22 UTC 2020
On 29.9.2020 14.31, Thadeu Lima de Souza Cascardo wrote:
> A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in
> the Linux kernel before 5.8.2 could be used by local attackers to create
> raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
> [Test case]
> I tried creating a socket(AF_NFC, SOCK_RAW, 0);.
> It should fail with EPERM as an unprivileged user, that is, one without
> CAP_NET_RAW. It should work as a privileged user.
> The test passes (that is, socket returns EPERM) with the latest 5.4 kernel, it
> fails with the latest oem-5.6 kernel, and passes with a oem-5.6 kernel with
> this patch applied.
> [Potential regression]
> Userspace that relies on such behavior (creating RAW NFC sockets without
> CAP_NET_RAW) will break.
> Qingyu Li (1):
> net/nfc/rawsock.c: add CAP_NET_RAW check.
> net/nfc/rawsock.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
applied to oem-5.6, thanks
More information about the kernel-team