CVE-2020-10711

Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Se encontró un fallo de desreferencia de puntero NULL en el subsistema SELinux del kernel de Linux en versiones anteriores a 5.7. Este fallo se produce al importar la categoría de protocolo Commercial IP Security Option (CIPSO) en el mapa de bits extensible de SELinux por medio de la rutina "ebitmap_netlbl_import". Mientras procesa la etiqueta de mapa de bits restringido CIPSO en la rutina "cipso_v4_parsetag_rbm", establece el atributo de seguridad para indicar que la categoría de mapa de bits está presente, incluso si no ha sido asignada. Esto conlleva a un problema de desreferencia de puntero NULL al importar el mismo mapa de bits de categoría hacia SELinux. Este fallo permite a un usuario remoto de la red bloquear el kernel del sistema, resultando en una denegación de servicio.

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-20 CVE Reserved
2020-05-12 CVE Published
2024-04-12 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (15)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html	Mailing List
https://security.netapp.com/advisory/ntap-20200608-0001	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711	2023-11-07
https://www.openwall.com/lists/oss-security/2020/05/12/2	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html	2023-11-07
https://usn.ubuntu.com/4411-1	2023-11-07
https://usn.ubuntu.com/4412-1	2023-11-07
https://usn.ubuntu.com/4413-1	2023-11-07
https://usn.ubuntu.com/4414-1	2023-11-07
https://usn.ubuntu.com/4419-1	2023-11-07
https://www.debian.org/security/2020/dsa-4698	2023-11-07
https://www.debian.org/security/2020/dsa-4699	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-10711	2020-06-11
https://bugzilla.redhat.com/show_bug.cgi?id=1825116	2020-06-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.7 Search vendor "Linux" for product "Linux Kernel" and version " < 5.7"		-		Affected
Redhat Search vendor "Redhat"		3scale Search vendor "Redhat" for product "3scale"				2.0 Search vendor "Redhat" for product "3scale" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				13 Search vendor "Redhat" for product "Openstack" and version "13"		-		Affected
Redhat Search vendor "Redhat"		Virtualization Host Search vendor "Redhat" for product "Virtualization Host"				4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Messaging Realtime Grid Search vendor "Redhat" for product "Messaging Realtime Grid"				2.0 Search vendor "Redhat" for product "Messaging Realtime Grid" and version "2.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04"		lts		Affected