CVE-2020-8428

CVSS v3.1 7.1 (High)
CVSS v2.0 3.6 (Low)
EPSS 0.04 % (11th)
Affected Products 1
Advisories 19

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-01-29 00:15:10
(4 years ago)
Updated Date
2020-06-10 20:15:14
(4 years ago)

Affected Products


Configuration #1

Linux Kernel from version 4.19 up to, but not including, version 5.5
    CPE23: cpe:2.3:o:linux:linux_kernel
    From: >= 4.19
    Up To: < 5.5