1) Out-of-bounds write

EUVDB-ID: #VU47051

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14386

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local privileged user to execute arbitrary code.

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Mitigation

Update the affected packages:

i686:
    kernel-tools-devel-4.14.193-113.317.amzn1.i686
    kernel-4.14.193-113.317.amzn1.i686
    kernel-debuginfo-4.14.193-113.317.amzn1.i686
    perf-debuginfo-4.14.193-113.317.amzn1.i686
    perf-4.14.193-113.317.amzn1.i686
    kernel-tools-4.14.193-113.317.amzn1.i686
    kernel-tools-debuginfo-4.14.193-113.317.amzn1.i686
    kernel-debuginfo-common-i686-4.14.193-113.317.amzn1.i686
    kernel-devel-4.14.193-113.317.amzn1.i686
    kernel-headers-4.14.193-113.317.amzn1.i686

src:
    kernel-4.14.193-113.317.amzn1.src

x86_64:
    kernel-tools-4.14.193-113.317.amzn1.x86_64
    kernel-debuginfo-4.14.193-113.317.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.193-113.317.amzn1.x86_64
    kernel-4.14.193-113.317.amzn1.x86_64
    kernel-headers-4.14.193-113.317.amzn1.x86_64
    perf-4.14.193-113.317.amzn1.x86_64
    kernel-tools-devel-4.14.193-113.317.amzn1.x86_64
    perf-debuginfo-4.14.193-113.317.amzn1.x86_64
    kernel-tools-debuginfo-4.14.193-113.317.amzn1.x86_64
    kernel-devel-4.14.193-113.317.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

---

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

http://alas.aws.amazon.com/ALAS-2020-1430.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?