cvelistv5 - cve-2020-16120

Source	URL	Tags
security@ubuntu.com	https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8	Patch, Third Party Advisory
security@ubuntu.com	https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f	Patch, Third Party Advisory
security@ubuntu.com	https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d	Patch, Third Party Advisory
security@ubuntu.com	https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84	Patch, Third Party Advisory
security@ubuntu.com	https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52	Patch, Third Party Advisory
security@ubuntu.com	https://launchpad.net/bugs/1894980	Issue Tracking, Patch, Third Party Advisory
security@ubuntu.com	https://launchpad.net/bugs/1900141	Issue Tracking, Third Party Advisory
security@ubuntu.com	https://ubuntu.com/USN-4576-1	Third Party Advisory
security@ubuntu.com	https://ubuntu.com/USN-4577-1	Third Party Advisory
security@ubuntu.com	https://ubuntu.com/USN-4578-1	Third Party Advisory
security@ubuntu.com	https://www.openwall.com/lists/oss-security/2020/10/14/2	Mailing List, Third Party Advisory

Vendor	Product
Linux kernel	Linux kernel

ghsa-q6jw-34cj-733v

Vulnerability from github

Published

2022-05-24 17:41

Modified

2022-05-24 17:41

Details

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-16120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",
  "id": "GHSA-q6jw-34cj-733v",
  "modified": "2022-05-24T17:41:41Z",
  "published": "2022-05-24T17:41:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16120"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/1894980"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/1900141"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/USN-4576-1"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/USN-4577-1"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/USN-4578-1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/10/14/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-16120

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

Aliases

CVE-2020-16120

Aliases

CVE-2020-16120

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-16120",
    "description": "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",
    "id": "GSD-2020-16120",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-16120.html",
      "https://ubuntu.com/security/CVE-2020-16120",
      "https://security.archlinux.org/CVE-2020-16120",
      "https://linux.oracle.com/cve/CVE-2020-16120.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-16120"
      ],
      "details": "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",
      "id": "GSD-2020-16120",
      "modified": "2023-12-13T01:21:46.615179Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "",
        "ASSIGNER": "security@ubuntu.com",
        "DATE_PUBLIC": "2020-10-13T16:00:00.000Z",
        "ID": "CVE-2020-16120",
        "STATE": "PUBLIC",
        "TITLE": "Unprivileged overlay + shiftfs read access"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux kernel",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "\u003c",
                          "version_name": "5.11-stable",
                          "version_value": "5.11.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux kernel"
            }
          ]
        }
      },
      "configuration": [],
      "credit": [
        {
          "lang": "eng",
          "value": "Giuseppe Scrivano"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11."
          }
        ]
      },
      "exploit": [],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-266 Incorrect Privilege Assignment"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ubuntu.com/USN-4576-1",
            "refsource": "UBUNTU",
            "url": "https://ubuntu.com/USN-4576-1"
          },
          {
            "name": "https://ubuntu.com/USN-4577-1",
            "refsource": "UBUNTU",
            "url": "https://ubuntu.com/USN-4577-1"
          },
          {
            "name": "https://ubuntu.com/USN-4578-1",
            "refsource": "UBUNTU",
            "url": "https://ubuntu.com/USN-4578-1"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2020/10/14/2",
            "refsource": "CONFIRM",
            "url": "https://www.openwall.com/lists/oss-security/2020/10/14/2"
          },
          {
            "name": "https://launchpad.net/bugs/1894980",
            "refsource": "UBUNTU",
            "url": "https://launchpad.net/bugs/1894980"
          },
          {
            "name": "https://launchpad.net/bugs/1900141",
            "refsource": "UBUNTU",
            "url": "https://launchpad.net/bugs/1900141"
          },
          {
            "name": "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",
            "refsource": "CONFIRM",
            "url": "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d"
          },
          {
            "name": "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",
            "refsource": "CONFIRM",
            "url": "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f"
          },
          {
            "name": "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",
            "refsource": "CONFIRM",
            "url": "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8"
          },
          {
            "name": "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",
            "refsource": "CONFIRM",
            "url": "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52"
          },
          {
            "name": "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",
            "refsource": "CONFIRM",
            "url": "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84"
          }
        ]
      },
      "solution": [],
      "source": {
        "advisory": "https://ubuntu.com/USN-4576-1",
        "defect": [
          "https://launchpad.net/bugs/1894980"
        ],
        "discovery": "EXTERNAL"
      },
      "work_around": []
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2020-16120"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84"
            },
            {
              "name": "https://launchpad.net/bugs/1894980",
              "refsource": "UBUNTU",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://launchpad.net/bugs/1894980"
            },
            {
              "name": "https://ubuntu.com/USN-4578-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://ubuntu.com/USN-4578-1"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/10/14/2",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2020/10/14/2"
            },
            {
              "name": "https://launchpad.net/bugs/1900141",
              "refsource": "UBUNTU",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://launchpad.net/bugs/1900141"
            },
            {
              "name": "https://ubuntu.com/USN-4576-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://ubuntu.com/USN-4576-1"
            },
            {
              "name": "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d"
            },
            {
              "name": "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52"
            },
            {
              "name": "https://ubuntu.com/USN-4577-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://ubuntu.com/USN-4577-1"
            },
            {
              "name": "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f"
            },
            {
              "name": "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-11-18T18:40Z",
      "publishedDate": "2021-02-10T20:15Z"
    }
  }
}

wid-sec-w-2022-1762

Vulnerability from csaf_certbund

Published

2020-10-13 22:00

Modified

2023-02-15 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service zu verursachen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service zu verursachen oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1762 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1762.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1762 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1762"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0416-1 vom 2023-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013765.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4617-1 vom 2022-12-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013342.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9999 vom 2022-11-16",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9999.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9140 vom 2021-04-01",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9140.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9141 vom 2021-04-01",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9141.html"
      },
      {
        "category": "external",
        "summary": "OSS-Security Mailing Liste vom 2020-10-13",
        "url": "http://seclists.org/oss-sec/2020/q4/59"
      },
      {
        "category": "external",
        "summary": "OSS-Security Mailing Liste vom 2020-10-13",
        "url": "http://seclists.org/oss-sec/2020/q4/58"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice",
        "url": "https://ubuntu.com/security/notices/USN-4577-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0072-1 vom 2020-10-14",
        "url": "https://usn.ubuntu.com/lsn/0072-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3122-1 vom 2020-11-03",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-November/007685.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3122-1 vom 2020-11-03",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-November/007681.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3272-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007751.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3272-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007748.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3281-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007756.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3326-1 vom 2020-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3326-1 vom 2020-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007776.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3484-1 vom 2020-11-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007841.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3491-1 vom 2020-11-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007842.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3512-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007853.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3522-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007856.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3513-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007854.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3532-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007874.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3544-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007876.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3532-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007871.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3544-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007878.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9085 vom 2021-03-09",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9085.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9086 vom 2021-03-09",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9086.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9087 vom 2021-03-09",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9087.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9084 vom 2021-03-09",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9084.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4978 vom 2021-09-25",
        "url": "https://lists.debian.org/debian-security-announce/2021/msg00163.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1539 vom 2021-10-05",
        "url": "https://alas.aws.amazon.com/ALAS-2021-1539.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9486 vom 2021-10-15",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9486.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9487 vom 2021-10-15",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9487.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2785 vom 2021-10-16",
        "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2843 vom 2021-12-16",
        "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2022-008 vom 2022-01-31",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-008.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2022-006 vom 2022-01-31",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-006.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3609-1 vom 2022-10-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012557.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3704-1 vom 2022-10-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012636.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3775-1 vom 2022-10-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012711.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3809-1 vom 2022-10-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012771.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-15T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:01:04.767+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2022-1762",
      "initial_release_date": "2020-10-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-10-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-10-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-11-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-10T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-11T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-15T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-23T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-25T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-26T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-03-08T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-03-31T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-09-26T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-10-04T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-10-14T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-10-17T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-12-16T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-01-30T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-18T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-10-24T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-10-26T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-10-31T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-12-26T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-02-15T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "24"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "6368",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-16119",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel. Die Implementierung des DCCP-Protokolls handhabt die Wiederverwendung von Sockets nicht ordnungsgem\u00e4\u00df, was dazu f\u00fchrt, dass die DCCP-CCID-Struktur des Linux-Kernels nachtr\u00e4glich verwendet werden kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen oder m\u00f6glicherweise beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "6368",
          "T000126",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2020-10-13T22:00:00Z",
      "title": "CVE-2020-16119"
    },
    {
      "cve": "CVE-2020-16120",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel. Das Overlay-Dateisystem f\u00fchrt in einigen Situationen die Berechtigungspr\u00fcfungen nicht ordnungsgem\u00e4\u00df durch. Ein Angreifer kann diese Schwachstelle ausnutzen, um Lesezugriff auf eingeschr\u00e4nkte Dateien zu erhalten."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "6368",
          "T000126",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2020-10-13T22:00:00Z",
      "title": "CVE-2020-16120"
    }
  ]
}

Action not permitted

cve-2020-16120

Vulnerability from cvelistv5

ghsa-q6jw-34cj-733v

Vulnerability from github

gsd-2020-16120

Vulnerability from gsd

wid-sec-w-2022-1762

Vulnerability from csaf_certbund

Tags