Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67853 - [linux] CVE-2020-14386
Attached to Project:
Arch Linux
Opened by G3ro (G3ro) - Tuesday, 08 September 2020, 14:55 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 12:59 GMT
Details

Description:

Details: https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14386.html

"Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code."

Additional info:
* package version(s): 5.7 is mentioned in maillist: https://seclists.org/oss-sec/2020/q3/146
But I assume it applies to many more versions.

Patches are available.
I would like to know whether the kernel team wants to implement the patches? Also because upstream seems a bit too calm about this.
Closed by freswa (frederik)
Thursday, 10 September 2020, 12:59 GMT
Reason for closing: Fixed
Additional comments about closing: 5.8.8.arch1-1 linux-lts 5.4.64-1 linux-zen 5.8.8.zen1-1 linux-hardened 5.8.7.a-1

Patch from netdev branch: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06

I see, it is already mentioned in security notes: https://security.archlinux.org/CVE-2020-14386