From 87f4a9a5455a1e7d174122db3d9bdee953240c57 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 13 Oct 2020 19:52:05 +0200
Subject: Add CVE-2020-16120

---
 active/CVE-2020-16120 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 active/CVE-2020-16120

diff --git a/active/CVE-2020-16120 b/active/CVE-2020-16120
new file mode 100644
index 00000000..826be1c6
--- /dev/null
+++ b/active/CVE-2020-16120
@@ -0,0 +1,18 @@
+Description: incorrect unprivileged overlayfs permission checking
+References:
+ https://www.openwall.com/lists/oss-security/2020/10/13/6
+Notes:
+ carnil> Additionally to the three fixing commits
+ carnil> 130fdbc3d1f9966dd4230709c30f3768bccd3065 ("ovl: pass correct
+ carnil> flags for opening real directory") and
+ carnil> 292f902a40c11f043a5ca1305a114da0e523eaa3 ("ovl: call secutiry
+ carnil> hook in ovl_real_ioctl()") might be wanted (see oss-security
+ carnil> post).
+ carnil> Only exploitable when unprivileged user namespaces are enabled.
+Bugs:
+upstream: released (5.8-rc1) [48bd024b8a40d73ad6b086de2615738da0c7004f, 56230d956739b9cb1cbde439d76227d77979a04d, 05acefb4872dae89e772729efb194af754c877e8]
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid:
+4.19-buster-security:
+4.9-stretch-security:
-- 
cgit v1.2.3