PublicDateAtUSN: 2020-05-09 21:15:00 UTC
Candidate: CVE-2019-20795
PublicDate: 2020-05-09 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20795
 https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
 https://ubuntu.com/security/notices/USN-4357-1
Description:
 iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in
 ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of
 setuid that, although not a default, are sometimes a configuration option
 offered to end users. Even when setuid is used, other factors (such as C
 library configuration) may block exploitability.
Ubuntu-Description:
Notes:
 leosilva> vulnerability introduced in v4.15.0
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H [4.4 MEDIUM]


Patches_iproute2:
upstream_iproute2: released (5.2.0-1)
precise/esm_iproute2: DNE
trusty_iproute2: ignored (out of standard support)
trusty/esm_iproute2: not-affected (code not present)
xenial_iproute2: not-affected (code not present)
esm-infra/xenial_iproute2: not-affected (code not present)
bionic_iproute2: released (4.15.0-2ubuntu1.1)
eoan_iproute2: not-affected (5.2.0-1ubuntu2)
focal_iproute2: not-affected
devel_iproute2: not-affected