CVE-2020-11565

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-04-2020 03:15

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.�?.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

High

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

6.0

Base score

0.8

5.2

Exploitability score

Impact score

Verification logic

Reference

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
DSA-4667-Third Party Advisory
USN-4364-1-Third Party Advisory
USN-4367-1-Third Party Advisory
USN-4368-1-Third Party Advisory
USN-4363-1-
USN-4369-1-
[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update-
[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update-
[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update-
DSA-4698-

Keywords

CVE-2020-11565

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-11565

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures