Security restrictions bypass in SELinux netlink



Published: 2020-05-27
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-10751
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU28290

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-10751

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due in the Linux kernels SELinux LSM hook implementation where the kernel incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 2.6.12 - 5.6.14


CPE2.3 External links

http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
http://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/
http://www.openwall.com/lists/oss-security/2020/04/30/5

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###