CVE-2020-10711
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
Se encontró un fallo de desreferencia de puntero NULL en el subsistema SELinux del kernel de Linux en versiones anteriores a 5.7. Este fallo se produce al importar la categoría de protocolo Commercial IP Security Option (CIPSO) en el mapa de bits extensible de SELinux por medio de la rutina "ebitmap_netlbl_import". Mientras procesa la etiqueta de mapa de bits restringido CIPSO en la rutina "cipso_v4_parsetag_rbm", establece el atributo de seguridad para indicar que la categoría de mapa de bits está presente, incluso si no ha sido asignada. Esto conlleva a un problema de desreferencia de puntero NULL al importar el mismo mapa de bits de categoría hacia SELinux. Este fallo permite a un usuario remoto de la red bloquear el kernel del sistema, resultando en una denegación de servicio.
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-20 CVE Reserved
- 2020-05-12 CVE Published
- 2024-04-12 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200608-0001 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 | 2023-11-07 | |
https://www.openwall.com/lists/oss-security/2020/05/12/2 | 2023-11-07 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html | 2023-11-07 | |
https://usn.ubuntu.com/4411-1 | 2023-11-07 | |
https://usn.ubuntu.com/4412-1 | 2023-11-07 | |
https://usn.ubuntu.com/4413-1 | 2023-11-07 | |
https://usn.ubuntu.com/4414-1 | 2023-11-07 | |
https://usn.ubuntu.com/4419-1 | 2023-11-07 | |
https://www.debian.org/security/2020/dsa-4698 | 2023-11-07 | |
https://www.debian.org/security/2020/dsa-4699 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2020-10711 | 2020-06-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1825116 | 2020-06-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.7 Search vendor "Linux" for product "Linux Kernel" and version " < 5.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | 3scale Search vendor "Redhat" for product "3scale" | 2.0 Search vendor "Redhat" for product "3scale" and version "2.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Messaging Realtime Grid Search vendor "Redhat" for product "Messaging Realtime Grid" | 2.0 Search vendor "Redhat" for product "Messaging Realtime Grid" and version "2.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
|