
Palo Alto Networks researcher discovers Linux privilege escalation vulnerability

A privilege escalation vulnerability had been lurking in the Linux kernel until a Palo Alto Networks researcher discovered it last week.

Assigned CVE-2020-14386, the memory corruption flaw can be exploited by a standard user to gain extended permissions as an administrator (root) on Linux systems.

“A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity,” reads the vulnerability’s official NVD description.

Or Cohen of Palo Alto Networks has been credited with discovering the vulnerability.

In a blog post for the company’s Unit42 blog, Cohen stated:

“Specifically, in order for the vulnerability to be triggerable, we need the kernel to have AF_PACKET sockets enabled (CONFIG_PACKET=y) and the CAP_NET_RAW privilege for the triggering process, which can be obtained in an unprivileged user namespace if user namespaces are enabled (CONFIG_USER_NS=y) and accessible to unprivileged users.”

“Surprisingly, this long list of constraints is satisfied by default in some distributions, like Ubuntu,” continued Cohen.
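A read-only host audit for the preconditions Cohen lists, as an added example that is not from the article or from Unit42. The function names and verdict strings are hypothetical; the script assumes the kernel config is at /boot/config-$(uname -r), treats a modular CONFIG_PACKET=m build as enabled, and reads the Debian/Ubuntu kernel.unprivileged_userns_clone and upstream user.max_user_namespaces sysctls.

```shell
#!/bin/sh
# Added example: audit the CVE-2020-14386 preconditions quoted above.
# Read-only. It does not check the kernel version, because distributions
# backport fixes without changing the upstream version string.

# config_has FILE OPTION -> success if OPTION is built in (=y) or modular (=m).
config_has() {
    grep -q "^$2=[ym]\$" "$1" 2>/dev/null
}

# userns_open PROC_SYS_DIR -> success if unprivileged users may create
# user namespaces. A missing knob means "not restricted by that knob".
userns_open() {
    clone="$1/kernel/unprivileged_userns_clone"   # Debian/Ubuntu-specific
    max="$1/user/max_user_namespaces"             # upstream; 0 disables
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then return 1; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then return 1; fi
    return 0
}

# assess CONFIG_FILE PROC_SYS_DIR -> prints one verdict:
#   unknown-no-config           kernel config could not be read
#   not-reachable               AF_PACKET sockets are not built
#   reachable-with-cap-net-raw  only processes already holding CAP_NET_RAW
#   reachable-unprivileged      any local user can obtain CAP_NET_RAW in a
#                               user namespace (the default Cohen describes)
assess() {
    if [ ! -r "$1" ]; then echo "unknown-no-config"; return; fi
    if ! config_has "$1" CONFIG_PACKET; then echo "not-reachable"; return; fi
    if config_has "$1" CONFIG_USER_NS && userns_open "$2"; then
        echo "reachable-unprivileged"
    else
        echo "reachable-with-cap-net-raw"
    fi
}

# Audit the running host.
assess "/boot/config-$(uname -r)" /proc/sys
```

A verdict of reachable-with-cap-net-raw still leaves containers and services that were granted CAP_NET_RAW in scope, so the kernel update is needed either way.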

According to Cohen, similar vulnerabilities have been reported in the past:

“A few years ago, several vulnerabilities were discovered in packet sockets (CVE-2017-7308 and CVE-2016-8655), and there are some publications, such as this one in the Project Zero blog and this in Openwall, which give some overview of the main functionality,” he said in the post.

However, the fixes previously applied by the project developers did not sufficiently resolve the memory corruption vulnerabilities, which is why Cohen was able to provide a proof-of-concept (PoC) exploit demonstrating that the flaw persisted.

A patch proposed by the researcher can be used to resolve the bug:

[Figure: Patch proposed by Cohen to resolve CVE-2020-14386. Source: Palo Alto Networks]

“I was surprised that such simple arithmetic security issues still exist in the Linux kernel and haven’t been previously discovered,” said Cohen.

“Also, unprivileged user namespaces expose a huge attack surface for local privilege escalation, so distributions should consider whether they should enable them or not,” the researcher concluded.

Cohen’s thorough technical findings are provided in the blog post.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
