CVE-2020-10711

 

Published at: - 22-05-2020 05:15

Last modified: - 26-10-2022 01:44

Total changes: - 5

Description

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711
• https://www.openwall.com/lists/oss-security/2020/05/12/2
• https://security.netapp.com/advisory/ntap-20200608-0001/
• [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update-Third Party Advisory
• DSA-4699-Third Party Advisory
• DSA-4698-Third Party Advisory
• openSUSE-SU-2020:0801-Mailing List, Third Party Advisory
• openSUSE-SU-2020:0935-Mailing List, Third Party Advisory
• USN-4413-1-Third Party Advisory
• USN-4411-1-Third Party Advisory
• USN-4412-1-Third Party Advisory
• USN-4419-1-Third Party Advisory
• USN-4414-1-Third Party Advisory

 

Keywords

NVD

 

CVE-2020-10711

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures