6.1

CVE-2020-10751

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KernelSelinux Version < 5.7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 1.8 4.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
secalert@redhat.com 6.1 1.8 4.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://www.debian.org/security/2020/dsa-4698
https://usn.ubuntu.com/4391-1/
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://www.debian.org/security/2020/dsa-4699
https://usn.ubuntu.com/4389-1/
https://usn.ubuntu.com/4390-1/
https://usn.ubuntu.com/4412-1/
https://usn.ubuntu.com/4413-1/
http://www.openwall.com/lists/oss-security/2020/05/27/3
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751
Patch
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
Patch
Vendor Advisory
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/
https://www.openwall.com/lists/oss-security/2020/04/30/5
Third Party Advisory
Mailing List