CVE-2020-10711 Details

Published: 2020-05-22
Last Modified: 2020-05-27
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. The flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag, the 'cipso_v4_parsetag_rbm' routine sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. Importing that category bitmap into SELinux then dereferences a NULL pointer. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
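
The flag/pointer mismatch described in the summary, as an added user-space model that is not the kernel's code or its patch. Every name in it (FLAG_CAT_PRESENT, struct secattr, parse_flawed, parse_hardened, import_cats) is hypothetical, and the `allocated` argument stands in for whether the parser allocated a bitmap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model of the flag/pointer mismatch in the summary.
 * All names are hypothetical; this is not the kernel's code or its patch. */
#define FLAG_CAT_PRESENT 0x1u

struct catmap  { unsigned long bits; };
struct secattr { unsigned int flags; struct catmap *cat; };

/* 'allocated' stands in for whether the parser allocated a bitmap. */
static struct catmap *model_alloc(int allocated) {
    struct catmap *m = allocated ? calloc(1, sizeof(*m)) : NULL;
    if (m) m->bits = 0x5ul;            /* constructed sample categories */
    return m;
}

/* Flawed form: the "present" flag is set whether or not cat is NULL. */
static void parse_flawed(struct secattr *a, int allocated) {
    a->cat = model_alloc(allocated);
    a->flags = FLAG_CAT_PRESENT;
}

/* Hardened form: the flag is only set when the bitmap really exists. */
static void parse_hardened(struct secattr *a, int allocated) {
    a->cat = model_alloc(allocated);
    a->flags = a->cat ? FLAG_CAT_PRESENT : 0;
}

/* Defensive importer: returns 0 on success, -1 on a flag with no bitmap.
 * An importer that trusted the flag alone would read a->cat->bits here
 * and dereference NULL, which in kernel context is the crash. */
static int import_cats(const struct secattr *a, unsigned long *out) {
    *out = 0;
    if (!(a->flags & FLAG_CAT_PRESENT)) return 0;   /* nothing to import */
    if (a->cat == NULL) return -1;                  /* inconsistent attr */
    *out = a->cat->bits;
    return 0;
}

int main(void) {
    struct secattr a; unsigned long cats;
    parse_flawed(&a, 0);
    printf("flawed parser, no bitmap:   import=%d\n", import_cats(&a, &cats));
    parse_hardened(&a, 0);
    printf("hardened parser, no bitmap: import=%d\n", import_cats(&a, &cats));
    return 0;
}
```

Either change alone closes the gap in the model: the producer keeps the flag and the pointer consistent, or the consumer refuses an attribute whose flag has no bitmap behind it.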

Analysis

Common Vulnerability Score System v2.0

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: None
Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P

Common Vulnerability Score System v3.1

Severity: High
Base Score: 7.5/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: None
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Products Reported

CPE                                                             Vulnerable  Start  Excluding
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                    Yes         -      5.7
cpe:2.3:a:redhat:3scale:2.0:*:*:*:*:*:*:*                       Yes         -      -
cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:*                   Yes         -      -
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*          Yes         -      -
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*             Yes         -      -
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*             Yes         -      -
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*             Yes         -      -
cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:*         Yes         -      -
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*  Yes         -      -
cpe:2.3:a:redhat:messaging_realtime_grid:2.0:*:*:*:*:*:*:*      Yes         -      -

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711
https://www.openwall.com/lists/oss-security/2020/05/12/2

PCI Compliance: Pass
US-CERT Alert: No
CWE: CWE-476
