Vulnerability DatabaseCVE-2020-10751
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2020-10751
May 26, 2020
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
Related ResourcesĀ (27)
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://www.oracle.com/security-alerts/cpuApr2021.html
http://www.openwall.com/lists/oss-security/2020/05/27/3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
https://usn.ubuntu.com/4389-1/
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/
https://access.redhat.com/errata/RHSA-2020:4609
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10751
https://usn.ubuntu.com/4412-1/
https://usn.ubuntu.com/4391-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1839634
https://security-tracker.debian.org/tracker/CVE-2020-10751
https://access.redhat.com/errata/RHSA-2020:4431
https://www.debian.org/security/2020/dsa-4699
https://usn.ubuntu.com/4390-1/
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://www.openwall.com/lists/oss-security/2020/04/30/5
https://www.debian.org/security/2020/dsa-4698
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/errata/RHSA-2020:4062
https://access.redhat.com/errata/RHSA-2020:4060
https://usn.ubuntu.com/4413-1/
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
3.6
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-349
Insufficient Verification of Data Authenticity
CWE-345
EPSS
Base Score:
0.08