CVE-2020-10711

CVE Details

Release Date:

2020-05-22

Description

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

See more information about CVE-2020-10711 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	5.9	Base Metrics:	AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector:	Network	Attack Complexity:	High
Privileges Required:	None	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 6 (kernel)	ELSA-2020-2103	2020-05-13
Oracle Linux version 6 (kernel-uek)	ELSA-2021-9002	2021-01-07
Oracle Linux version 7 (kernel)	ELSA-2020-2082	2020-05-14
Oracle Linux version 7 (kernel-uek)	ELSA-2020-5755	2020-07-10
Oracle Linux version 7 (kernel-uek)	ELSA-2020-5756	2020-07-14
Oracle Linux version 7 (kernel-uek)	ELSA-2021-9002	2021-01-07
Oracle Linux version 8 (kernel)	ELSA-2020-2102	2020-05-13
Oracle Linux version 8 (kernel-uek)	ELSA-2020-5756	2020-07-14
Oracle VM version 3.4 (kernel-uek)	OVMSA-2021-0001	2021-01-07

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team