CVE-2020-16119
Publication date 13 October 2020
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
From the Ubuntu Security Team
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Mitigation
Blacklist the dccp ipv[46] autoloading aliases by adding the following lines to /etc/modprobe.d/blacklist-dccp.conf: alias net-pf-2-proto-0-type-6 off alias net-pf-2-proto-33-type-6 off alias net-pf-10-proto-0-type-6 off alias net-pf-10-proto-33-type-6 off
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 20.04 LTS focal |
Fixed 5.4.0-51.56
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-121.123
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-193.224
|
|
| 14.04 LTS trusty |
Fixed 3.13.0-182.233
|
|
| linux-aws | ||
| 20.04 LTS focal |
Fixed 5.4.0-1028.29
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-1086.91
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1117.131
|
|
| 14.04 LTS trusty |
Fixed 4.4.0-1081.85
|
|
| linux-aws-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1028.29~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-hwe | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 4.15.0-1085.90~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-azure | ||
| 20.04 LTS focal |
Fixed 5.4.0-1031.32
|
|
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial |
Fixed 4.15.0-1098.109~16.04.1
|
|
| 14.04 LTS trusty |
Fixed 4.15.0-1098.109~14.04.1
|
|
| linux-azure-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1099.110
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1031.32~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp | ||
| 20.04 LTS focal |
Fixed 5.4.0-1028.29
|
|
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial |
Fixed 4.15.0-1086.98~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-gcp-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1086.98
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1028.29~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1072.76
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.0.0-1049.50
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1038.40
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-68.63
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-120.122~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-51.56~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-kvm | ||
| 20.04 LTS focal |
Fixed 5.4.0-1026.27
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-1077.79
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1082.91
|
|
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 4.4.0-193.224~14.04.1
|
|
| linux-oem | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1099.109
|
|
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.6 | ||
| 20.04 LTS focal |
Fixed 5.6.0-1031.32
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-osp1 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.0.0-1069.75
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle | ||
| 20.04 LTS focal |
Fixed 5.4.0-1028.29
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-1057.62
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1056.61~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1028.29~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi | ||
| 20.04 LTS focal |
Fixed 5.4.0-1021.24
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1021.24~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic |
Fixed 4.15.0-1073.78
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1141.151
|
|
| 14.04 LTS trusty | Not in release | |
| linux-raspi2-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1035.37
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv | ||
| 20.04 LTS focal |
Fixed 5.4.0-36.41
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1089.98
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1145.155
|
|
| 14.04 LTS trusty | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
sbeattie
patch applied to the ubuntu-kernels was NACKed by upstream. The subsequent revision submitted upstream still needs rework and has not been accepted as of 2021-01-13.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4576-1
- Linux kernel vulnerabilities
- 14 October 2020
- USN-4577-1
- Linux kernel vulnerabilities
- 14 October 2020
- USN-4578-1
- Linux kernel vulnerabilities
- 14 October 2020
- USN-4579-1
- Linux kernel vulnerabilities
- 14 October 2020
- USN-4580-1
- Linux kernel vulnerability
- 14 October 2020
- LSN-0072-1
- Kernel Live Patch Security Notice
- 14 October 2020