5.9

CVE-2020-10711

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.7
Redhat3scale Version2.0
RedhatOpenstack Version13
RedhatVirtualization Host Version4.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Aus Version7.4
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.18% 0.781
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
secalert@redhat.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://usn.ubuntu.com/4414-1/
Third Party Advisory
https://usn.ubuntu.com/4419-1/
Third Party Advisory
https://usn.ubuntu.com/4411-1/
Third Party Advisory
https://usn.ubuntu.com/4412-1/
Third Party Advisory
https://usn.ubuntu.com/4413-1/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711
Patch
Third Party Advisory
Issue Tracking
https://www.openwall.com/lists/oss-security/2020/05/12/2
Patch
Third Party Advisory
Mailing List