Home > Vulnerability Database > CVE-2020-10751

Mend.io Vulnerability Database

CVE-2020-10751

Good to know:

Date: May 26, 2020

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Language: C

Severity Score

6.1

Related Resources (29)

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Url: https://www.oracle.com/security-alerts/cpuApr2021.html

Url: https://access.redhat.com/errata/RHSA-2020:4431

Url: https://usn.ubuntu.com/4389-1/

Url: https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/

Url: https://www.debian.org/security/2020/dsa-4699

Url: https://www.debian.org/security/2020/dsa-4698

Url: https://security-tracker.debian.org/tracker/CVE-2020-10751

Url: https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10751

Url: https://usn.ubuntu.com/4412-1/

Url: https://usn.ubuntu.com/4391-1/

Url: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

Url: https://access.redhat.com/errata/RHSA-2020:4062

Url: https://access.redhat.com/errata/RHSA-2020:4060

Url: http://www.openwall.com/lists/oss-security/2020/05/27/3

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10751

Url: http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751

Url: https://access.redhat.com/errata/RHSA-2020:4609

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Url: https://access.redhat.com/security/cve/CVE-2020-10751

Url: https://usn.ubuntu.com/4390-1/

Url: https://www.openwall.com/lists/oss-security/2020/04/30/5

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Url: https://usn.ubuntu.com/4413-1/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1839634

Url: https://www.mend.io/vulnerability-database/CVE-2020-10751

Severity Score

6.1

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

Top Fix

Upgrade Version

Upgrade to version v5.7-rc4

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10751

Good to know:

Date: May 26, 2020

Language: C

Severity Score

Related Resources (29)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?