Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-10751

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Published

2020-05-26T15:15:10.727

Last Modified

2024-11-21T04:55:59.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
CWE-349
Type: Secondary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kernel	selinux	< 5.7	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server	8.0	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html ([email protected])
http://www.openwall.com/lists/oss-security/2020/05/27/3 Mailing List, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6 Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html ([email protected])
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html ([email protected])
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html ([email protected])
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/ ([email protected])
https://usn.ubuntu.com/4389-1/ ([email protected])
https://usn.ubuntu.com/4390-1/ ([email protected])
https://usn.ubuntu.com/4391-1/ ([email protected])
https://usn.ubuntu.com/4412-1/ ([email protected])
https://usn.ubuntu.com/4413-1/ ([email protected])
https://www.debian.org/security/2020/dsa-4698 ([email protected])
https://www.debian.org/security/2020/dsa-4699 ([email protected])
https://www.openwall.com/lists/oss-security/2020/04/30/5 Mailing List, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuApr2021.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/05/27/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html (af854a3a-2127-422b-91ae-364da2661108)
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4389-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4390-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4391-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4412-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4413-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4698 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4699 (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2020/04/30/5 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html (af854a3a-2127-422b-91ae-364da2661108)