CVE-2020-35501 — Incorrect Authorization in Kernel

CWE-863 — Incorrect Authorization7 documents7 sources

Severity

3.4LOWNVD

EPSS

0.1%

top 75.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux

Timeline

PublishedMar 30

Latest updateMar 31

Description

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 0.8 | Impact: 2.5

Affected Packages2 packages

▶NVDlinux/linux_kernel5.17

▶CVEListV5linux/linux_kernelaffecting all versions up to kernel 5.17

Also affects: Enterprise Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-2865-989q-255f: A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subs↗2022-03-31

▶

CVEList

CVE-2020-35501: A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subs↗2022-03-30

▶

OSV

CVE-2020-35501: A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subs↗2022-03-30

▶

📋Vendor Advisories

Microsoft

A flaw was found in the Linux kernels implementation of audit rules where a syscall can unexpectedly not be correctly not be logged by the audit subsystem↗2022-03-08

▶

Red Hat

kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability↗2021-03-05

▶

Debian

CVE-2020-35501: linux - A flaw was found in the Linux kernels implementation of audit rules, where a sys...↗2020

▶