CVE-2020-11565 — Out-of-bounds Write in Kernel
Severity
6.0MEDIUMNVD
OSV7.8OSV7.5OSV6.7OSV4.4
EPSS
0.1%
top 75.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 6
Latest updateMay 24
Description
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2
Affected Packages3 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04
Patches
🔴Vulnerability Details
10OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2020-05-28
OSV▶
linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 vulnerabilities↗2020-05-24