ID CVE-2020-10751
Summary A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
References
Vulnerable Configurations
  • cpe:2.3:a:kernel:selinux:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:selinux:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:selinux:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:selinux:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:selinux:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:selinux:5.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 12-02-2023 - 23:39)
Impact:
Exploitability:
CWE CWE-349
CAPEC
  • DNS Cache Poisoning
    A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
  • Manipulating Writeable Configuration Files
    Generally these are manually edited files that are not in the purview of the system administrators. Any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
  • Cache Poisoning
    An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:N
redhat via4
rpms
  • bpftool-0:3.10.0-1160.el7
  • bpftool-debuginfo-0:3.10.0-1160.el7
  • kernel-0:3.10.0-1160.el7
  • kernel-abi-whitelists-0:3.10.0-1160.el7
  • kernel-bootwrapper-0:3.10.0-1160.el7
  • kernel-debug-0:3.10.0-1160.el7
  • kernel-debug-debuginfo-0:3.10.0-1160.el7
  • kernel-debug-devel-0:3.10.0-1160.el7
  • kernel-debuginfo-0:3.10.0-1160.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1160.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1160.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1160.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1160.el7
  • kernel-devel-0:3.10.0-1160.el7
  • kernel-doc-0:3.10.0-1160.el7
  • kernel-headers-0:3.10.0-1160.el7
  • kernel-kdump-0:3.10.0-1160.el7
  • kernel-kdump-debuginfo-0:3.10.0-1160.el7
  • kernel-kdump-devel-0:3.10.0-1160.el7
  • kernel-tools-0:3.10.0-1160.el7
  • kernel-tools-debuginfo-0:3.10.0-1160.el7
  • kernel-tools-libs-0:3.10.0-1160.el7
  • kernel-tools-libs-devel-0:3.10.0-1160.el7
  • perf-0:3.10.0-1160.el7
  • perf-debuginfo-0:3.10.0-1160.el7
  • python-perf-0:3.10.0-1160.el7
  • python-perf-debuginfo-0:3.10.0-1160.el7
  • kernel-rt-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
  • bpftool-0:4.18.0-240.el8
  • bpftool-debuginfo-0:4.18.0-240.el8
  • kernel-0:4.18.0-240.el8
  • kernel-abi-whitelists-0:4.18.0-240.el8
  • kernel-core-0:4.18.0-240.el8
  • kernel-cross-headers-0:4.18.0-240.el8
  • kernel-debug-0:4.18.0-240.el8
  • kernel-debug-core-0:4.18.0-240.el8
  • kernel-debug-debuginfo-0:4.18.0-240.el8
  • kernel-debug-devel-0:4.18.0-240.el8
  • kernel-debug-modules-0:4.18.0-240.el8
  • kernel-debug-modules-extra-0:4.18.0-240.el8
  • kernel-debuginfo-0:4.18.0-240.el8
  • kernel-debuginfo-common-aarch64-0:4.18.0-240.el8
  • kernel-debuginfo-common-ppc64le-0:4.18.0-240.el8
  • kernel-debuginfo-common-s390x-0:4.18.0-240.el8
  • kernel-debuginfo-common-x86_64-0:4.18.0-240.el8
  • kernel-devel-0:4.18.0-240.el8
  • kernel-doc-0:4.18.0-240.el8
  • kernel-headers-0:4.18.0-240.el8
  • kernel-modules-0:4.18.0-240.el8
  • kernel-modules-extra-0:4.18.0-240.el8
  • kernel-tools-0:4.18.0-240.el8
  • kernel-tools-debuginfo-0:4.18.0-240.el8
  • kernel-tools-libs-0:4.18.0-240.el8
  • kernel-tools-libs-devel-0:4.18.0-240.el8
  • kernel-zfcpdump-0:4.18.0-240.el8
  • kernel-zfcpdump-core-0:4.18.0-240.el8
  • kernel-zfcpdump-debuginfo-0:4.18.0-240.el8
  • kernel-zfcpdump-devel-0:4.18.0-240.el8
  • kernel-zfcpdump-modules-0:4.18.0-240.el8
  • kernel-zfcpdump-modules-extra-0:4.18.0-240.el8
  • perf-0:4.18.0-240.el8
  • perf-debuginfo-0:4.18.0-240.el8
  • python3-perf-0:4.18.0-240.el8
  • python3-perf-debuginfo-0:4.18.0-240.el8
  • kernel-rt-0:4.18.0-240.rt7.54.el8
  • kernel-rt-core-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-core-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-debuginfo-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-devel-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-kvm-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-modules-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debug-modules-extra-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debuginfo-0:4.18.0-240.rt7.54.el8
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-240.rt7.54.el8
  • kernel-rt-devel-0:4.18.0-240.rt7.54.el8
  • kernel-rt-kvm-0:4.18.0-240.rt7.54.el8
  • kernel-rt-modules-0:4.18.0-240.rt7.54.el8
  • kernel-rt-modules-extra-0:4.18.0-240.rt7.54.el8
refmap via4
confirm
debian
  • DSA-4698
  • DSA-4699
mlist
  • [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
  • [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
  • [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
  • [oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass
suse
  • openSUSE-SU-2020:0801
  • openSUSE-SU-2020:0935
ubuntu
  • USN-4389-1
  • USN-4390-1
  • USN-4391-1
  • USN-4412-1
  • USN-4413-1
Last major update 12-02-2023 - 23:39
Published 26-05-2020 - 15:15
Last modified 12-02-2023 - 23:39