CVE-2020-14386: Linux Kernel Privilege Escalation Vulnerability Alert

On September 23, 2020, the Openwall mailing list issued a risk notice for a Linux kernel privilege escalation vulnerability. The vulnerability is tracked as CVE-2020-14386 and is rated high risk.
Local attackers can escalate privileges by sending specially crafted request content to the affected host. Because the vulnerability is in the kernel, successful exploitation directly yields the highest system privilege.

Vulnerability Detail

I discovered a bug which leads to a memory corruption in (net/packet/af_packet.c). It can be exploited to gain root privileges from unprivileged processes.

To create AF_PACKET sockets you need CAP_NET_RAW in your network namespace, which can be acquired by unprivileged processes on systems where unprivileged namespaces are enabled (Ubuntu, Fedora, etc.).

I discovered the vulnerability while auditing the 5.7 kernel sources.

The bug occurs in the tpacket_rcv function: when calculating the netoff variable (unsigned short), po->tp_reserve (unsigned int) is added to it, which can overflow netoff so it gets a small value.
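
The truncation described above, shown as an added C example that is not part of the original post or the kernel source. It is a simplified model: `hdr_len` is a hypothetical stand-in for the header size that is added to `tp_reserve`, and the function names and sample values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the offset arithmetic described above.
 * hdr_len stands in for the header size; it and the sample values
 * in main() are constructed for illustration. */

/* Narrow form: the sum is computed as unsigned int, then truncated
 * to 16 bits on assignment, as with an unsigned short netoff. */
static unsigned short netoff_narrow(unsigned int hdr_len, unsigned int tp_reserve)
{
    unsigned short netoff = (unsigned short)(hdr_len + tp_reserve);
    return netoff;
}

/* Checked form: keep the sum in unsigned int, and reject both a wrap
 * of the 32-bit add and any result that does not fit in 16 bits. */
static bool netoff_checked(unsigned int hdr_len, unsigned int tp_reserve,
                           unsigned int *out)
{
    if (tp_reserve > UINT_MAX - hdr_len)
        return false;                /* 32-bit add would wrap */
    unsigned int netoff = hdr_len + tp_reserve;
    if (netoff > USHRT_MAX)
        return false;                /* does not fit a 16-bit offset */
    *out = netoff;
    return true;
}

int main(void)
{
    const unsigned int hdr_len = 80;                               /* constructed */
    const unsigned int reserves[] = { 0, 128, 65535, 65536 + 20 }; /* constructed */

    for (size_t i = 0; i < sizeof reserves / sizeof reserves[0]; i++) {
        unsigned int off = 0;
        bool ok = netoff_checked(hdr_len, reserves[i], &off);
        printf("tp_reserve=%u narrow=%u checked=%s\n", reserves[i],
               (unsigned)netoff_narrow(hdr_len, reserves[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

For the two large sample values, the narrow form returns an offset smaller than `hdr_len` itself or far smaller than the requested reserve, while the checked form rejects the request.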

Solution

We recommend that users upgrade the Linux kernel to the latest version promptly.