[SRU Focal:oem-5.6 0/1] CVE-2020-26088
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Sep 29 11:31:38 UTC 2020
[Impact/Description]
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in
the Linux kernel before 5.8.2 could be used by local attackers to create
raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
[Test case]
I tried creating a socket(AF_NFC, SOCK_RAW, 0).
It should fail with EPERM as an unprivileged user, that is, one without
CAP_NET_RAW. It should work as a privileged user.
The test passes (that is, socket returns EPERM) with the latest 5.4 kernel,
fails with the latest oem-5.6 kernel, and passes with an oem-5.6 kernel with
this patch applied.
[Potential regression]
Userspace that relies on such behavior (creating RAW NFC sockets without
CAP_NET_RAW) will break.
Qingyu Li (1):
net/nfc/rawsock.c: add CAP_NET_RAW check.
net/nfc/rawsock.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
2.25.1
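
The test case described in this message, written out as a small regression check. This is an added example, not part of the original message or of the kernel patch. The names has_cap_net_raw, classify and enum verdict are hypothetical, and reading CapEff from /proc/self/status to decide whether the caller holds CAP_NET_RAW is an assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef AF_NFC
#define AF_NFC 39               /* value from the Linux socket headers */
#endif
#define CAP_NET_RAW_BIT 13      /* CAP_NET_RAW in linux/capability.h */

enum verdict { CHECK_PRESENT, CHECK_MISSING, INCONCLUSIVE };

/* Parse /proc/<pid>/status text: 1 if CAP_NET_RAW is effective, 0 if not,
 * -1 if no CapEff line was found. */
int has_cap_net_raw(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    unsigned long long mask;
    if (!p || sscanf(p + 7, "%llx", &mask) != 1)
        return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1);
}

/* Classify one socket(AF_NFC, SOCK_RAW, 0) attempt. Only a caller known to
 * lack CAP_NET_RAW can tell whether the kernel enforces the check. */
enum verdict classify(int has_cap, int fd, int err)
{
    if (has_cap != 0)           /* privileged or unknown: success is expected */
        return INCONCLUSIVE;
    if (fd >= 0)                /* unprivileged caller got a raw NFC socket */
        return CHECK_MISSING;
    /* Anything but EPERM (e.g. EAFNOSUPPORT, NFC not available) proves nothing. */
    return err == EPERM ? CHECK_PRESENT : INCONCLUSIVE;
}

int main(void)
{
    static const char *names[] = { "check present", "check missing", "inconclusive" };
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    int fd = socket(AF_NFC, SOCK_RAW, 0);
    int err = errno;
    enum verdict v = classify(has_cap_net_raw(buf), fd, err);
    if (fd >= 0) close(fd);
    printf("%s\n", names[v]);
    return v == CHECK_MISSING;  /* non-zero exit when the check is absent */
}
```

Run it as an unprivileged user on the kernel under test; a run with CAP_NET_RAW reports "inconclusive" because socket creation is expected to succeed there.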