CVE-2020-10742: Out-of-bounds Write in Linux

Severity
6.0 MEDIUM (NVD)
EPSS
0.1%
top 84.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 2
Latest update: May 24

Description

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Exploitability: 0.8 | Impact: 5.2

Affected Packages (2 packages)

Debian linux/linux_kernel < 3.16.2-2+3
debian debian/linux < linux 3.16.2-2 (bookworm)

Also affects: Enterprise Linux 6.0

🔴 Vulnerability Details (3)

GHSA
GHSA-9gvv-jxrj-2xcq: A flaw was found in the Linux kernel (2022-05-24)
OSV
CVE-2020-10742: A flaw was found in the Linux kernel (2021-06-02)
Kernel
fortify: Detect struct member overflows in memcpy() at compile-time (2021-04-20)

📋 Vendor Advisories (2)

Red Hat
kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic (2020-05-13)
Debian
CVE-2020-10742: linux - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO ... (2020)

💬 Community (3)

Bugzilla
CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic [fedora-all] (2020-05-13)
Bugzilla
CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic (2020-05-13)
Bugzilla
CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic [rhel-7] (2020-04-15)