Kernel Stack Corruption Vulnerability in Linux Kernel's get_raw_socket Function

Kernel Stack Corruption Vulnerability in Linux Kernel's get_raw_socket Function

CVE-2020-10942 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.