CVE-2020-14386

MEDIUM LAB

Linux Kernel < 4.9.239 - Privilege Escalation via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14386. PoCs published by cgwalters.

AI-analyzed exploit summary This PoC exploits CVE-2020-14386, a Linux kernel vulnerability in the AF_PACKET implementation, by triggering a buffer overflow via crafted socket options and packet transmission. It uses unshare and namespace isolation to test the vulnerability, potentially crashing the node if vulnerable.

Description

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Exploits (1)

nomisec WORKING POC 43 stars

by cgwalters · poc

https://github.com/cgwalters/cve-2020-14386

View Code ZIP pw:eip

This PoC exploits CVE-2020-14386, a Linux kernel vulnerability in the AF_PACKET implementation, by triggering a buffer overflow via crafted socket options and packet transmission. It uses unshare and namespace isolation to test the vulnerability, potentially crashing the node if vulnerable.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2020-14386)

No auth needed

Prerequisites: Linux system with vulnerable kernel · CAP_NET_RAW capability or root privileges

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Mailing List, Patch, Third Party Advisory x_refsource_misc

https://seclists.org/oss-sec/2020/q3/146

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/09/17/2

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/09/17/4

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/09/21/1

Scores

CVSS v3 6.7

EPSS 0.0132

EPSS Percentile 67.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull registry.svc.ci.openshift.org/coreos/cosa-buildroot

https://github.com/cgwalters/cve-2020-14386

View in Library

Details

CWE

CWE-250 CWE-787

Status published

Products (5)

debian/debian_linux 9.0

fedoraproject/fedora 33

linux/linux_kernel 5.9.0 rc1 (3 CPE variants)

linux/linux_kernel 4.6 - 4.9.239

opensuse/leap 15.1

Published Sep 16, 2020

Tracked Since Feb 18, 2026