CVE-2020-10711

CWE-476NULL Pointer Dereference16 documents8 sources
Severity
5.9MEDIUM
EPSS
5.4%
top 9.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Linux Linux KernelRED HAT KernelCanonical Ubuntu Linux+9 more
Timeline
PublishedMay 22
Latest updateJul 6

Description

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue l

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages17 packages

CVEListV5red_hat/kernelall kernel versions before 5.7
Debianlinux< 5.6.14-1+3
Ubuntulinux-hwe< 5.3.0-62.56~18.04.1
Ubuntulinux-aws-5.3< 5.3.0-1030.32~18.04.1

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 7.4, Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.10, 20.04

Patches

Patch: bugzilla.redhat.comPatch: www.openwall.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

6
OSV
linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2-5.3 vulnerabilities2020-07-06
OSV
linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2020-07-06
OSV
linux, linux-aws, inux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities2020-07-06
OSV
linux-gke-5.0, linux-oem-osp1 vulnerabilities2020-07-02
OSV
CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 52020-05-22

📋Vendor Advisories

7
Ubuntu
Linux kernel vulnerabilities2020-07-06
Ubuntu
Linux kernel vulnerabilities2020-07-06
Ubuntu
Linux kernel vulnerabilities2020-07-06
Ubuntu
Linux kernel vulnerabilities2020-07-06
Microsoft
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category2020-05-12

💬Community

2
Bugzilla
CVE-2020-10711 kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic [fedora-all]2020-05-12
Bugzilla
CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic2020-04-17