CVE-2020-27067

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-186.216
	14.04 LTS trusty	Ignored
linux-aws	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1111.123
	14.04 LTS trusty	Ignored
linux-aws-5.0	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-aws-5.3	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-aws-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-aws-hwe	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-azure	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Fixed 4.15.0-1013.13~16.04.2
	14.04 LTS trusty	Ignored
linux-azure-4.15	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-azure-5.3	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-azure-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-azure-edge	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gcp	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Fixed 4.15.0-1014.14~16.04.1
	14.04 LTS trusty	Not in release
linux-gcp-4.15	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gcp-5.3	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gcp-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gcp-edge	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-4.15	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-5.0	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-5.3	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gkeop-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Fixed 4.15.0-24.26~16.04.1
	14.04 LTS trusty	Not in release
linux-hwe-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe-5.8	20.10 groovy	Not in release
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe-edge	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-kvm	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1077.84
	14.04 LTS trusty	Not in release
linux-lts-trusty	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-xenial	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Ignored
linux-oem	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-oem-5.6	20.10 groovy	Not in release
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oem-osp1	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oracle	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-oracle-5.0	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oracle-5.3	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Ignored
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oracle-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-raspi	20.10 groovy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-raspi-5.4	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-raspi2	20.10 groovy	Not in release
	20.04 LTS focal	Ignored
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1136.145
	14.04 LTS trusty	Not in release
linux-raspi2-5.3	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-riscv	20.10 groovy	Not affected
	20.04 LTS focal	Ignored
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-snapdragon	20.10 groovy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Fixed 4.15.0-1053.57
	16.04 LTS xenial	Fixed 4.4.0-1140.148
	14.04 LTS trusty	Not in release

Notes

sbeattie

see salsa link for 4.9 stable commits.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by d9e31d1, fixed by 41c43fb Introduced by d9e31d1, fixed by 47c3e77 Introduced by d9e31d1, fixed by a725eb1 Introduced by d9e31d1, fixed by fba40c6 Introduced by d9e31d1, fixed by 113c307 Introduced by d9e31d1, fixed by b784e7e Introduced by d9e31d1, fixed by af87ae4 Introduced by d9e31d1, fixed by 55a3ce3 Introduced by d9e31d1, fixed by 9aaef50 Introduced by d9e31d1, fixed by 2f858b9 Introduced by d9e31d1, fixed by 57240d0 Introduced by d9e31d1, fixed by 9ee369a Introduced by d9e31d1, fixed by 54652eb Introduced by d9e31d1, fixed by bb0a32c Introduced by d9e31d1, fixed by 8c0e421 Introduced by d9e31d1, fixed by 4e4b21d Introduced by d9e31d1, fixed by e702c12 Introduced by d9e31d1, fixed by f3c66d4 Introduced by d9e31d1, fixed by f026bc2 Introduced by d9e31d1, fixed by 9f775ea Introduced by d9e31d1, fixed by 3953ae7 Introduced by d9e31d1, fixed by ee28de6 Introduced by d9e31d1, fixed by ee40fb2 Introduced by d9e31d1, fixed by f98be6c

Package

Patch details

linux

Introduced by d9e31d1, fixed by 41c43fb
Introduced by d9e31d1, fixed by 47c3e77
Introduced by d9e31d1, fixed by a725eb1
Introduced by d9e31d1, fixed by fba40c6
Introduced by d9e31d1, fixed by 113c307
Introduced by d9e31d1, fixed by b784e7e
Introduced by d9e31d1, fixed by af87ae4
Introduced by d9e31d1, fixed by 55a3ce3
Introduced by d9e31d1, fixed by 9aaef50
Introduced by d9e31d1, fixed by 2f858b9
Introduced by d9e31d1, fixed by 57240d0
Introduced by d9e31d1, fixed by 9ee369a
Introduced by d9e31d1, fixed by 54652eb
Introduced by d9e31d1, fixed by bb0a32c
Introduced by d9e31d1, fixed by 8c0e421
Introduced by d9e31d1, fixed by 4e4b21d
Introduced by d9e31d1, fixed by e702c12
Introduced by d9e31d1, fixed by f3c66d4
Introduced by d9e31d1, fixed by f026bc2
Introduced by d9e31d1, fixed by 9f775ea
Introduced by d9e31d1, fixed by 3953ae7
Introduced by d9e31d1, fixed by ee28de6
Introduced by d9e31d1, fixed by ee40fb2
Introduced by d9e31d1, fixed by f98be6c

Severity score breakdown

Parameter	Value
Base score	6.4 · Medium
Attack vector	Local
Attack complexity	High
Privileges required	High
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2020-27067

Cvss 3 Severity Score

Status

Notes

sbeattie

Patch details

Severity score breakdown

References

Other references