{"containers": {"cna": {"affected": [{"product": "Linux kernel", "vendor": "Canonical", "versions": [{"lessThan": "5.4.0-51.56", "status": "affected", "version": "5.4 kernel", "versionType": "custom"}, {"lessThan": "5.3.0-68.63", "status": "affected", "version": "5.3 kernel", "versionType": "custom"}, {"lessThan": "4.15.0-121.123", "status": "affected", "version": "4.15 kernel", "versionType": "custom"}, {"lessThan": "4.4.0-193.224", "status": "affected", "version": "4.4 kernel", "versionType": "custom"}, {"lessThan": "3.13.0.182.191", "status": "affected", "version": "3.13 kernel", "versionType": "custom"}, {"lessThan": "3.2.0-149.196", "status": "affected", "version": "3.2 kernel", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Hador Manor"}], "datePublic": "2020-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-17T00:06:36", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://launchpad.net/bugs/1883840"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://ubuntu.com/USN-4576-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://ubuntu.com/USN-4577-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://ubuntu.com/USN-4578-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://ubuntu.com/USN-4579-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://ubuntu.com/USN-4580-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T/"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210304-0006/"}, {"name": "DSA-4978", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4978"}, {"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}], "source": {"advisory": "https://ubuntu.com/USN-4576-1", "defect": ["https://launchpad.net/bugs/1883840"], "discovery": "USER"}, "title": "DCCP CCID structure use-after-free", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-10-13T16:00:00.000Z", "ID": "CVE-2020-16119", "STATE": "PUBLIC", "TITLE": "DCCP CCID structure use-after-free"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux kernel", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "5.4 kernel", "version_value": "5.4.0-51.56"}, {"platform": "", "version_affected": "<", "version_name": "5.3 kernel", "version_value": "5.3.0-68.63"}, {"platform": "", "version_affected": "<", "version_name": "4.15 kernel", "version_value": "4.15.0-121.123"}, {"platform": "", "version_affected": "<", "version_name": "4.4 kernel", "version_value": "4.4.0-193.224"}, {"platform": "", "version_affected": "<", "version_name": "3.13 kernel", "version_value": "3.13.0.182.191"}, {"platform": "", "version_affected": "<", "version_name": "3.2 kernel", "version_value": "3.2.0-149.196"}]}}]}, "vendor_name": "Canonical"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Hador Manor"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416 Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1883840", "refsource": "UBUNTU", "url": "https://launchpad.net/bugs/1883840"}, {"name": "https://ubuntu.com/USN-4576-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/USN-4576-1"}, {"name": "https://ubuntu.com/USN-4577-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/USN-4577-1"}, {"name": "https://ubuntu.com/USN-4578-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/USN-4578-1"}, {"name": "https://ubuntu.com/USN-4579-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/USN-4579-1"}, {"name": "https://ubuntu.com/USN-4580-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/USN-4580-1"}, {"name": "https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/", "refsource": "CONFIRM", "url": "https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/"}, {"name": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695", "refsource": "UBUNTU", "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695"}, {"name": "https://security.netapp.com/advisory/ntap-20210304-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210304-0006/"}, {"name": "DSA-4978", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4978"}, {"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}]}, "solution": [], "source": {"advisory": "https://ubuntu.com/USN-4576-1", "defect": ["https://launchpad.net/bugs/1883840"], "discovery": "USER"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:37:53.448Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://launchpad.net/bugs/1883840"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://ubuntu.com/USN-4576-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://ubuntu.com/USN-4577-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://ubuntu.com/USN-4578-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://ubuntu.com/USN-4579-1"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://ubuntu.com/USN-4580-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T/"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210304-0006/"}, {"name": "DSA-4978", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4978"}, {"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-16119", "datePublished": "2021-01-14T01:10:20.401115Z", "dateReserved": "2020-07-29T00:00:00", "dateUpdated": "2024-09-16T18:19:48.160Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196."}, {"lang": "es", "value": "Una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux explotable por un atacante local debido a la reutilizaci\u00f3n de un socket DCCP con un objeto dccps_hc_tx_ccid adjunto como oyente despu\u00e9s de ser liberado.&#xa0;Corregido en el kernel de Ubuntu Linux versiones 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 y 3.2.0-149.196"}], "id": "CVE-2020-16119", "lastModified": "2023-11-07T03:18:11.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2021-01-14T01:15:13.010", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1883840"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}, {"source": "security@ubuntu.com", "url": "https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210304-0006/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/USN-4576-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/USN-4577-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/USN-4578-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/USN-4579-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/USN-4580-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4978"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: DCCP CCID structure use-after-free may lead to DoS or code execution", "id": "1886374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886374"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.", "A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service (DoS) or a potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "Red Hat has previously automatically blacklisted the DCCP module in Red Hat Enterprise Linux 7.5 and later in /etc/modprobe.d/dccp-blacklist.conf.\nIf this file does not exist with the above contents, the module can be prevented loading by running the command\n# echo \"install dccp /bin/true\" >> /etc/modprobe.d/dccp-blacklist.conf\nThe system will need to be restarted if the DCCP module is loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."}, "name": "CVE-2020-16119", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-10-13T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-16119\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-16119\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16119\nhttps://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/\nhttps://www.openwall.com/lists/oss-security/2020/10/13/7"], "threat_severity": "Important"}