Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-10711
HistoryMay 12, 2020 - 12:00 a.m.

CVE-2020-10711

2020-05-1200:00:00
ubuntu.com
ubuntu.com
22

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

77.7%

A NULL pointer dereference flaw was found in the Linux kernel’s SELinux
subsystem in versions before 5.7. This flaw occurs while importing the
Commercial IP Security Option (CIPSO) protocol’s category bitmap into the
SELinux extensible bitmap via the’ ebitmap_netlbl_import’ routine. While
processing the CIPSO restricted bitmap tag in the ‘cipso_v4_parsetag_rbm’
routine, it sets the security attribute to indicate that the category
bitmap is present, even if it has not been allocated. This issue leads to a
NULL pointer dereference issue while importing the same category bitmap
into SELinux. This flaw allows a remote network user to crash the system
kernel, resulting in a denial of service.

Notes

Author Note
sbeattie SELinux is not the default MAC used in Ubuntu
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux-hwe-5.4< 5.4.0-40.44~18.04.1UNKNOWN
ubuntu20.04noarchlinux-oem-5.6< 5.6.0-1011.11UNKNOWN
ubuntu18.04noarchlinux< 4.15.0-109.110UNKNOWN
ubuntu19.10noarchlinux< 5.3.0-62.56UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-40.44UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-185.215UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1077.81UNKNOWN
ubuntu19.10noarchlinux-aws< 5.3.0-1030.32UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1074.78) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1110.121UNKNOWN
Rows per page:
1-10 of 491

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

77.7%