ID |
CVE-2020-10751
|
Summary |
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:kernel:selinux:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kernel:selinux:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:kernel:selinux:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:kernel:selinux:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:kernel:selinux:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:kernel:selinux:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 3.6 (as of 12-02-2023 - 23:39) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-349 |
CAPEC |
-
DNS Cache Poisoning
A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
-
Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the purview of the system administrators. Any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
-
Cache Poisoning
An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.
|
Access |
Vector | Complexity | Authentication |
LOCAL | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | NONE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
redhat
via4
|
rpms | - bpftool-0:3.10.0-1160.el7
- bpftool-debuginfo-0:3.10.0-1160.el7
- kernel-0:3.10.0-1160.el7
- kernel-abi-whitelists-0:3.10.0-1160.el7
- kernel-bootwrapper-0:3.10.0-1160.el7
- kernel-debug-0:3.10.0-1160.el7
- kernel-debug-debuginfo-0:3.10.0-1160.el7
- kernel-debug-devel-0:3.10.0-1160.el7
- kernel-debuginfo-0:3.10.0-1160.el7
- kernel-debuginfo-common-ppc64-0:3.10.0-1160.el7
- kernel-debuginfo-common-ppc64le-0:3.10.0-1160.el7
- kernel-debuginfo-common-s390x-0:3.10.0-1160.el7
- kernel-debuginfo-common-x86_64-0:3.10.0-1160.el7
- kernel-devel-0:3.10.0-1160.el7
- kernel-doc-0:3.10.0-1160.el7
- kernel-headers-0:3.10.0-1160.el7
- kernel-kdump-0:3.10.0-1160.el7
- kernel-kdump-debuginfo-0:3.10.0-1160.el7
- kernel-kdump-devel-0:3.10.0-1160.el7
- kernel-tools-0:3.10.0-1160.el7
- kernel-tools-debuginfo-0:3.10.0-1160.el7
- kernel-tools-libs-0:3.10.0-1160.el7
- kernel-tools-libs-devel-0:3.10.0-1160.el7
- perf-0:3.10.0-1160.el7
- perf-debuginfo-0:3.10.0-1160.el7
- python-perf-0:3.10.0-1160.el7
- python-perf-debuginfo-0:3.10.0-1160.el7
- kernel-rt-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7
- kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
- bpftool-0:4.18.0-240.el8
- bpftool-debuginfo-0:4.18.0-240.el8
- kernel-0:4.18.0-240.el8
- kernel-abi-whitelists-0:4.18.0-240.el8
- kernel-core-0:4.18.0-240.el8
- kernel-cross-headers-0:4.18.0-240.el8
- kernel-debug-0:4.18.0-240.el8
- kernel-debug-core-0:4.18.0-240.el8
- kernel-debug-debuginfo-0:4.18.0-240.el8
- kernel-debug-devel-0:4.18.0-240.el8
- kernel-debug-modules-0:4.18.0-240.el8
- kernel-debug-modules-extra-0:4.18.0-240.el8
- kernel-debuginfo-0:4.18.0-240.el8
- kernel-debuginfo-common-aarch64-0:4.18.0-240.el8
- kernel-debuginfo-common-ppc64le-0:4.18.0-240.el8
- kernel-debuginfo-common-s390x-0:4.18.0-240.el8
- kernel-debuginfo-common-x86_64-0:4.18.0-240.el8
- kernel-devel-0:4.18.0-240.el8
- kernel-doc-0:4.18.0-240.el8
- kernel-headers-0:4.18.0-240.el8
- kernel-modules-0:4.18.0-240.el8
- kernel-modules-extra-0:4.18.0-240.el8
- kernel-tools-0:4.18.0-240.el8
- kernel-tools-debuginfo-0:4.18.0-240.el8
- kernel-tools-libs-0:4.18.0-240.el8
- kernel-tools-libs-devel-0:4.18.0-240.el8
- kernel-zfcpdump-0:4.18.0-240.el8
- kernel-zfcpdump-core-0:4.18.0-240.el8
- kernel-zfcpdump-debuginfo-0:4.18.0-240.el8
- kernel-zfcpdump-devel-0:4.18.0-240.el8
- kernel-zfcpdump-modules-0:4.18.0-240.el8
- kernel-zfcpdump-modules-extra-0:4.18.0-240.el8
- perf-0:4.18.0-240.el8
- perf-debuginfo-0:4.18.0-240.el8
- python3-perf-0:4.18.0-240.el8
- python3-perf-debuginfo-0:4.18.0-240.el8
- kernel-rt-0:4.18.0-240.rt7.54.el8
- kernel-rt-core-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-core-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-debuginfo-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-devel-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-kvm-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-modules-0:4.18.0-240.rt7.54.el8
- kernel-rt-debug-modules-extra-0:4.18.0-240.rt7.54.el8
- kernel-rt-debuginfo-0:4.18.0-240.rt7.54.el8
- kernel-rt-debuginfo-common-x86_64-0:4.18.0-240.rt7.54.el8
- kernel-rt-devel-0:4.18.0-240.rt7.54.el8
- kernel-rt-kvm-0:4.18.0-240.rt7.54.el8
- kernel-rt-modules-0:4.18.0-240.rt7.54.el8
- kernel-rt-modules-extra-0:4.18.0-240.rt7.54.el8
|
|
refmap
via4
|
confirm | | debian | | mlist | - [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass
| suse | - openSUSE-SU-2020:0801
- openSUSE-SU-2020:0935
| ubuntu | - USN-4389-1
- USN-4390-1
- USN-4391-1
- USN-4412-1
- USN-4413-1
|
|
Last major update |
12-02-2023 - 23:39 |
Published |
26-05-2020 - 15:15 |
Last modified |
12-02-2023 - 23:39 |