PT-2020-2663 · Linux+6 · Linux Kernel+6
Published
2020-02-22
·
Updated
2022-04-22
·
CVE-2020-10942
CVSS v2.0
5.4
Medium
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.5.8
Description
The issue is related to a lack of validation of the
sk family field in the get raw socket function in the Linux kernel, which might allow attackers to trigger kernel stack corruption via crafted system calls. This could potentially lead to a denial of service. The vulnerability is also described as a buffer overflow issue in memory, which could be exploited by a remote attacker.Recommendations
For Linux kernel versions prior to 5.5.8, update to version 5.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the
vhost-net driver to minimize the risk of exploitation. Avoid using the ioctl(VHOSTNETSETBACKEND) call on the /dev/vhost-net device until the issue is resolved.Exploit
Fix
Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu