CVE-2020-10711

MEDIUM

Linux kernel <5.7 - NULL Pointer Dereference

Title source: llm

Description

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

References (13)

Core 13

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711

Mailing List, Patch, Third Party Advisory x_refsource_confirm

https://www.openwall.com/lists/oss-security/2020/05/12/2

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200608-0001/

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4698

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4699

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4413-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4411-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4412-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4419-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4414-1/

Scores

CVSS v3 5.9

EPSS 0.0544

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (20)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

canonical/ubuntu_linux 20.04

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

linux/linux_kernel < 5.7

opensuse/leap 15.1

... and 10 more

Published May 22, 2020

Tracked Since Feb 18, 2026