Headline
CVE-2020-26088: net/nfc/rawsock.c: add CAP_NET_RAW check. · torvalds/linux@26896f0
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
@@ -328,10 +328,13 @@ static int rawsock_create(struct net *net, struct socket *sock,
if ((sock->type != SOCK_SEQPACKET) && (sock->type != SOCK_RAW))
return -ESOCKTNOSUPPORT;
if (sock->type == SOCK_RAW)
if (sock->type == SOCK_RAW) {
if (!capable(CAP_NET_RAW))
return -EPERM;
sock->ops = &rawsock_raw_ops;
else
} else {
sock->ops = &rawsock_ops;
}
sk = sk_alloc(net, PF_NFC, GFP_ATOMIC, nfc_proto->proto, kern);
if (!sk)
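Review bot: The new `capable(CAP_NET_RAW)` test in the `SOCK_RAW` branch is applied regardless of `kern` (which the visible lines only pass on to `sk_alloc()`), and `capable()` checks the capability in the initial user namespace rather than in the namespace that owns `net`. Both are the stricter choices and look deliberate, but nothing in the code says so; a short comment above the check would keep a later cleanup from relaxing it, e.g. `/* Raw NFC sockets are privileged: require CAP_NET_RAW in the init user namespace, also for kern sockets. */`. If in-kernel callers are ever expected to create raw NFC sockets on behalf of unprivileged tasks (not visible here), the condition would need a `!kern &&` guard. `rawsock_create()` begins and ends outside this hunk, so the path after `sk_alloc()` is not covered by this note.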