CVE-2020-12465

EPSS 0.17%
Published 29.04.2020 19:15:12
Last modified 21.11.2024 04:59:45
Source cve@mitre.org
Teams watchlist Login
Open Login

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.16 < 4.19.111

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.26

Linux ≫ Linux Kernel Version >= 5.5 < 5.5.10

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Cloud Backup Version-

Netapp ≫ Hci Baseboard Management Controller Versionh300s

Netapp ≫ Hci Baseboard Management Controller Versionh410c

Netapp ≫ Hci Baseboard Management Controller Versionh410s

Netapp ≫ Hci Baseboard Management Controller Versionh500s

Netapp ≫ Hci Baseboard Management Controller Versionh610c

Netapp ≫ Hci Baseboard Management Controller Versionh610s

Netapp ≫ Hci Baseboard Management Controller Versionh615c

Netapp ≫ Hci Baseboard Management Controller Versionh700s

Netapp ≫ Solidfire & Hci Management Node Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Netapp ≫ Aff Baseboard Management Controller Versiona700s

Netapp ≫ Hci Compute Node Version-

Netapp ≫ Solidfire Baseboard Management Controller Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.387

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://security.netapp.com/advisory/ntap-20200608-0001/

Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10

Vendor Advisory

Release Notes

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2

Patch

Vendor Advisory

https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12465

EUVD