[SRU Focal,Focal/oem-5.6,Groovy] CVE-2020-14386

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Sep 4 18:31:35 UTC 2020


[Impact]
Unprivileged user can crash the system using user namespaces and packet
sockets.

[Test case]
A PoC that crashes the system has been available at [1]. It has
been used to test this, after changing 'ifconfig lo up' to 'ip link set lo up'.

[1] https://www.openwall.com/lists/oss-security/2020/09/03/3

[Potential regression]
AF_PACKET could be broken by this.




