CVE-2020-14386
Published 2020-09-16
Priority: P344, high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.32% (67.3th percentile)
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 5.8.7-1 (bookworm) | linux 5.8.7-1 (bookworm) |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.8.7-1 | 5.8.7-1 |
| linux | linux_kernel | >= 0 < 5.8.7-1 | 5.8.7-1 |
| linux | linux_kernel | >= 0 < 5.8.7-1 | 5.8.7-1 |
| linux | linux_kernel | >= 0 < 5.8.7-1 | 5.8.7-1 |
| linux | linux_kernel | >= 0 < 4.4.0-193.224 | 4.4.0-193.224 |
| linux | linux_kernel | >= 0 < 4.15.0-117.118 | 4.15.0-117.118 |
| linux | linux_kernel | >= 0 < 4.15.0-121.123 | 4.15.0-121.123 |
| linux | linux_kernel | >= 0 < 5.4.0-51.56 | 5.4.0-51.56 |
| linux | linux_kernel | >= 4.10 < 4.14.201 | 4.14.201 |
| linux | linux_kernel | >= 4.15 < 4.19.150 | 4.19.150 |
| linux | linux_kernel | >= 4.20 < 5.4.64 | 5.4.64 |
| linux | linux_kernel | >= 4.6 < 4.9.239 | 4.9.239 |
| linux | linux_kernel | >= 5.5 < 5.8.8 | 5.8.8 |
| linux_kernel | kernel | — | — |
| msrc | cm1_kernel_5.4.91-3_on_cbl_mariner_1.0 | — | — |
| opensuse | leap | — | — |
| paloalto | cortex_xsoar | — | — |
CVSS provenance
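| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_msrc | | 7.8 | HIGH | |
| vendor_debian | | 6.7 | MEDIUM | |
| vendor_redhat | | 6.7 | MEDIUM | |
| vendor_ubuntu | | 6.7 | MEDIUM | |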
Palo Alto
PAN-SA-2020-0010 Informational: Cortex XSOAR: Impact of Linux and Docker vulnerabilities on Cortex XSOAR
vendor_paloalto·2020-10-14·CVSS 9.8
CVE-2019-5736 [CRITICAL] CWE-216 PAN-SA-2020-0010 Informational: Cortex XSOAR: Impact of Linux and Docker vulnerabilities on Cortex XSOAR
Cortex XSOAR provides analysts with the option to specify the Docker image to use for running custom scripts and integrations. An analyst who has write permission to scripts or integrations is able to exploit Docker vulnerabilities such as CVE-2019-5736, or Linux kernel vulnerability such as CVE-2020-14386 to obtain root access on the Cortex XSOAR server. Demisto Server does not use the docker exec command and does not expose a mechanism for an external attacker to manipulate or provide an attacker-controlled image for execution. Thus, CVE-2019-5736 does not increase exposure to an external attack. CVE-2019-5021 is a vulnerability in Alpine Linux Docker images where the root password m
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2020-10-14·CVSS 4.4
CVE-2020-11935 [MEDIUM] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
It was discovered that the F2FS file system implementation in the Linux
kernel did not properly perform bounds checking on xattrs in some
situations. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2020-0067)
It was discovered that the Serial CAN interface driver in the Linux kernel
did not properly initialize data. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-11494)
Mauricio Faria de Oliveira discovered that the aufs implementation in the
Linux kernel improperly managed inode reference counts in the
vfsub_dentry_open() method. A local attacker could use this vulnerability
to cause a denial of se
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2020-09-10·CVSS 6.7
CVE-2020-14386 [MEDIUM] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
Or Cohen discovered that the AF_PACKET implementation in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14386)
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2020-09-08
CVE-2020-14386 Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Or Cohen discovered that the AF_PACKET implementation in the Linux
kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux
Microsoft
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confi
vendor_msrc·2020-09-08·CVSS 7.8
CVE-2020-14386 [MEDIUM] CWE-787 A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confi
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is ident
Red Hat
kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege
vendor_redhat·2020-09-03·CVSS 6.7
CVE-2020-14386 [MEDIUM] CWE-786 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement: Only local users with CAP_NET_RAW capability enabled can trigger this issue.
For OpenShift Container Platform 4, pods in the default restricted SCC are granted CAP_NET_RAW by default. An attacker can exploit this if they can run arbit
Debian
CVE-2020-14386: linux - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be ex...
vendor_debian·2020·CVSS 6.7
CVE-2020-14386 [MEDIUM] CVE-2020-14386: linux - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be ex...
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
Scope: local
bookworm: resolved (fixed in 5.8.7-1)
bullseye: resolved (fixed in 5.8.7-1)
forky: resolved (fixed in 5.8.7-1)
sid: resolved (fixed in 5.8.7-1)
trixie: resolved (fixed in 5.8.7-1)
OSV
Kernel Live Patch Security Notice
osv·2020-10-14·CVSS 4.4
CVE-2020-0067 [MEDIUM] Kernel Live Patch Security Notice
It was discovered that the F2FS file system implementation in the Linux
kernel did not properly perform bounds checking on xattrs in some
situations. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2020-0067)
It was discovered that the Serial CAN interface driver in the Linux kernel
did not properly initialize data. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-11494)
Mauricio Faria de Oliveira discovered that the aufs implementation in the
Linux kernel improperly managed inode reference counts in the
vfsub_dentry_open() method. A local attacker could use this vulnerability
to cause a denial of service. (CVE-2020-11935)
Piotr Krysiuk discovered that race conditi
OSV
CVE-2020-14386: A flaw was found in the Linux kernel before 5
osv·2020-09-16·CVSS 7.8
CVE-2020-14386 [HIGH] CVE-2020-14386: A flaw was found in the Linux kernel before 5
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
OSV
Kernel Live Patch Security Notice
osv·2020-09-10·CVSS 7.8
CVE-2020-14386 [HIGH] Kernel Live Patch Security Notice
Or Cohen discovered that the AF_PACKET implementation in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14386)
Kernel
net/packet: fix overflow in tpacket_rcv
kernel_security·2020-09-03·CVSS 6.7
CVE-2020-14386 [MEDIUM] net/packet: fix overflow in tpacket_rcv
net/packet: fix overflow in tpacket_rcv
Using tp_reserve to calculate netoff can overflow as
tp_reserve is unsigned int and netoff is unsigned short.
This may lead to macoff receiving a smaller value than
sizeof(struct virtio_net_hdr), and if po->has_vnet_hdr
is set, an out-of-bounds write will occur when
calling virtio_net_hdr_from_skb.
The bug is fixed by converting netoff to unsigned int
and checking if it exceeds USHRT_MAX.
This addresses CVE-2020-14386
Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Signed-off-by: Or Cohen
Signed-off-by: Eric Dumazet
Signed-off-by: Linus Torvalds
No detection rules found.
No public exploits indexed.
Unit42
CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel
blogs_unit42·2020-10-10·CVSS 7.8
CVE-2020-14386 [HIGH] CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel
## Executive Summary
Lately, I’ve been investing time into auditing packet sockets source code in the Linux kernel. This led me to the discovery of CVE-2020-14386, a memory corruption vulnerability in the Linux kernel. Such a vulnerability can be used to escalate privileges from an unprivileged user into the root user on a Linux system. In this blog, I will provide a technical walkthrough of the vulnerability, how it can be exploited and how Palo Alto Networks customers are protected.
A few years ago, several vulnerabilities were discovered in packet sockets (CVE-2017-7308 and CVE-2016-8655), and there are some publications, such as this one in the Project Zero blog and this in Openwall, which give some overview of the main functionality.
Specifically, in order for the vulnerability to
Unit42
CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel
blogs_unit42·2020-10-10·CVSS 7.8
CVE-2020-14386 [HIGH] CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel
## CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel
Or Cohen
Published: October 9, 2020
Bugzilla
CVE-2020-14386 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege [fedora-all]
bugzilla·2020-09-07·CVSS 6.7
CVE-2020-14386 [MEDIUM] CVE-2020-14386 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue a
Bugzilla
CVE-2020-14386 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege
bugzilla·2020-09-04·CVSS 6.7
CVE-2020-14386 [MEDIUM] CVE-2020-14386 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege
A vulnerability was found in Linux Kernel, which leads to a memory corruption in (net/packet/af_packet.c). It can be exploited to gain root privileges from unprivileged processes.
Discussion:
References:
https://seclists.org/oss-sec/2020/q3/146
---
Acknowledgments:
Name: Or Cohen (paloaltonetworks.com)
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1876349]
---
Could you clarify what you mean by `If the CAP_NET_RAW capability disabled by default (that is true for all Red Hat Enterprise Linux products)`?
`CAP_NET_RAW` is normally not given to normal users, true, but they can get it by using namespace, can't they (I'm not sure what you mean by "disabling"
arXiv
BEACON: Automatic Container Policy Generation using Environment-aware Dynamic Analysis
arxiv_fulltext·2025-11-29
This is the accepted manuscript of an article accepted for publication in Computers & Security.
Authors: Haney Kang [1] (ORCID 0000-0003-0866-0938), Eduard Marin [3] (ORCID 0000-0002-5002-0187), Myoungsung You [2] (ORCID 0000-0001-5822-5243), Diego Perino [3], Seungwon Shin [1] (ORCID 0000-0002-1077-5606), Jinwoo Kim [4] (ORCID 0000-0003-1303-8668)
[fn1] Co-first authors
[cor1] Corresponding author
Affiliation [1]: School of Electrical Engineering, KAIST,
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
http://www.openwall.com/lists/oss-security/2021/09/17/2
http://www.openwall.com/lists/oss-security/2021/09/17/4
http://www.openwall.com/lists/oss-security/2021/09/21/1
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/
https://seclists.org/oss-sec/2020/q3/146