Vulnerability Details : CVE-2020-10751
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
Products affected by CVE-2020-10751
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:kernel:selinux:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10751
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10751
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
1.8
|
4.2
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
1.8
|
4.2
|
Red Hat, Inc. |
CWE ids for CVE-2020-10751
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: nvd@nist.gov (Secondary)
-
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.Assigned by: secalert@redhat.com (Primary)
References for CVE-2020-10751
-
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
[SECURITY] [DLA 2241-2] linux security update
-
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
[security-announce] openSUSE-SU-2020:0801-1: important: Security update
-
https://usn.ubuntu.com/4413-1/
USN-4413-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
-
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
[SECURITY] [DLA 2241-1] linux security update
-
https://usn.ubuntu.com/4390-1/
USN-4390-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
[SECURITY] [DLA 2242-1] linux-4.9 security update
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
https://www.debian.org/security/2020/dsa-4699
Debian -- Security Information -- DSA-4699-1 linux
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751
1839634 – (CVE-2020-10751) CVE-2020-10751 kernel: SELinux netlink permission check bypassIssue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
[security-announce] openSUSE-SU-2020:0935-1: important: Security update
-
https://www.openwall.com/lists/oss-security/2020/04/30/5
oss-security - Linux kernel SELinux/netlink missing access checkMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuApr2021.html
Oracle Critical Patch Update Advisory - April 2021
-
https://usn.ubuntu.com/4391-1/
USN-4391-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/4412-1/
USN-4412-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.openwall.com/lists/oss-security/2020/05/27/3
oss-security - CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypassMailing List;Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4698
Debian -- Security Information -- DSA-4698-1 linux
-
https://usn.ubuntu.com/4389-1/
USN-4389-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/
Re: selinux_netlink_send changes program behavior - Dmitry Vyukov
Jump to