5.5

CVE-2020-26088

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.8.2
DebianDebian Linux Version9.0
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.315
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://usn.ubuntu.com/4578-1/
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
Patch
Vendor Advisory
Release Notes
https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041
Patch
Third Party Advisory