FS#67853 - [linux] CVE-2020-14386

Attached to Project: Arch Linux
Opened by G3ro (G3ro) - Tuesday, 08 September 2020, 14:55 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 12:59 GMT
Task Type: Bug Report
Category: Kernel
Status: Closed
Assigned To: No-one
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No


Details: https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14386.html

"Or Cohen discovered that the AF_PACKET implementation in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code."

Additional info:
* package version(s): 5.7 is mentioned on the mailing list: https://seclists.org/oss-sec/2020/q3/146
But I assume it applies to many more versions.

Patches are available.

I would like to know whether the kernel team wants to implement the patches?
Also because upstream seems a bit too calm about this.

Closed by  freswa (frederik)
Thursday, 10 September 2020, 12:59 GMT
Reason for closing:  Fixed
Additional comments about closing:  5.8.8.arch1-1 linux-lts 5.4.64-1 linux-zen 5.8.8.zen1-1 linux-hardened 5.8.7.a-1
Comment by G3ro (G3ro) - Tuesday, 08 September 2020, 14:58 GMT

Comment by G3ro (G3ro) - Tuesday, 08 September 2020, 15:00 GMT
I see, it is already mentioned in security notes: https://security.archlinux.org/CVE-2020-14386