diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-13 19:52:05 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-13 19:52:05 +0200 |
commit | 87f4a9a5455a1e7d174122db3d9bdee953240c57 (patch) | |
tree | c8c06d74ed1f97cb3ccf2c6c06c58c985ca60f92 | |
parent | d56fcca280daea7ccc4e7f0cd2f5e3237f6ac024 (diff) |
Add CVE-2020-16120
-rw-r--r-- | active/CVE-2020-16120 | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/active/CVE-2020-16120 b/active/CVE-2020-16120 new file mode 100644 index 00000000..826be1c6 --- /dev/null +++ b/active/CVE-2020-16120 @@ -0,0 +1,18 @@ +Description: incorrect unprivileged overlayfs permission checking +References: + https://www.openwall.com/lists/oss-security/2020/10/13/6 +Notes: + carnil> Additionally to the three fixing commits + carnil> 130fdbc3d1f9966dd4230709c30f3768bccd3065 ("ovl: pass correct + carnil> flags for opening real directory") and + carnil> 292f902a40c11f043a5ca1305a114da0e523eaa3 ("ovl: call secutiry + carnil> hook in ovl_real_ioctl()") might be wanted (see oss-security + carnil> post). + carnil> Only exploitable when unprivileged user namespaces are enabled. +Bugs: +upstream: released (5.8-rc1) [48bd024b8a40d73ad6b086de2615738da0c7004f, 56230d956739b9cb1cbde439d76227d77979a04d, 05acefb4872dae89e772729efb194af754c877e8] +4.19-upstream-stable: +4.9-upstream-stable: +sid: +4.19-buster-security: +4.9-stretch-security: |