icon

We found results for “

CVE-2020-10751

Good to know:

icon
icon

Date: May 26, 2020

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Language: C

Severity Score

Related Resources (29)

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

Top Fix

icon

Upgrade Version

Upgrade to version v5.7-rc4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us