CVE-2020-10711 - NULL Pointer Dereference vulnerability in multiple products
Summary
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. The flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag, the 'cipso_v4_parsetag_rbm' routine sets the security attribute to indicate that the category bitmap is present even if the bitmap has not been allocated. Importing that unallocated category bitmap into SELinux then dereferences a NULL pointer. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2289.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2289 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-05
modified: 2020-06-03
plugin id: 137060
published: 2020-06-03
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137060
title: RHEL 7 : kernel (RHSA-2020:2289)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2289. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include('compat.inc');

    if (description)
    {
      script_id(137060);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id(
        "CVE-2017-18595",
        "CVE-2019-3846",
        "CVE-2019-10126",
        "CVE-2019-19768",
        "CVE-2020-10711"
      );
      script_bugtraq_id(108521, 108817);
      script_xref(name:"RHSA", value:"2020:2289");

      script_name(english:"RHEL 7 : kernel (RHSA-2020:2289)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2289 advisory.
      - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
      - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
      - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
      - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
      - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2289");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2017-18595");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10126");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19768");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-3846");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-10711");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1713059");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1716992");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1758671");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1786164");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1825116");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3846");

      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122, 416, 476);

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/03");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6::server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    include('ksplice.inc');

    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);

    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

    if (get_one_kb_item('Host/ksplice/kernel-cves'))
    {
      rm_kb_item(name:'Host/uptrack-uname-r');
      cve_list = make_list('CVE-2017-18595', 'CVE-2019-3846', 'CVE-2019-10126', 'CVE-2019-19768', 'CVE-2020-10711');
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:2289');
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }

    pkgs = [
      {'reference':'bpftool-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-abi-whitelists-3.10.0-957.54.1.el7', 'sp':'6', 'release':'7'},
      {'reference':'kernel-debug-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-debug-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-debug-devel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-debug-devel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-devel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-devel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-headers-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-headers-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-kdump-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-kdump-devel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'kernel-tools-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-tools-libs-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'kernel-tools-libs-devel-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'perf-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'perf-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
      {'reference':'python-perf-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
      {'reference':'python-perf-3.10.0-957.54.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'}
    ];

    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_HOLE,
        extra    : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');
    }

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2429.NASL
description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2429 advisory.
  - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  - Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation (CVE-2020-11884)
  - kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body (CVE-2020-12657)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-12
modified: 2020-06-09
plugin id: 137275
published: 2020-06-09
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137275
title: RHEL 8 : kernel (RHSA-2020:2429)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2103.NASL
description: The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2103 advisory.
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-31
modified: 2020-05-12
plugin id: 136523
published: 2020-05-12
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136523
title: RHEL 6 : kernel (RHSA-2020:2103)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2214.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2214 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-31
modified: 2020-05-20
plugin id: 136714
published: 2020-05-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136714
title: RHEL 7 : kernel (RHSA-2020:2214)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2082.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2082 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-15
modified: 2020-05-12
plugin id: 136518
published: 2020-05-12
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136518
title: RHEL 7 : kernel (RHSA-2020:2082)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2020-3_0-0089_LINUX.NASL
description: An update of the linux package has been released.
last seen: 2020-06-12
modified: 2020-05-13
plugin id: 136579
published: 2020-05-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136579
title: Photon OS 3.0: Linux PHSA-2020-3.0-0089

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2020-2102.NASL
description: From Red Hat Security Advisory 2020:2102 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2102 advisory.
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  - Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation (CVE-2020-11884)
  - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-06
modified: 2020-05-15
plugin id: 136646
published: 2020-05-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136646
title: Oracle Linux 8 : kernel (ELSA-2020-2102)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20200512_KERNEL_ON_SL6_X.NASL
description: Security Fix(es) :
  - Kernel: NetLabel: NULL pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
last seen: 2020-06-06
modified: 2020-05-14
plugin id: 136603
published: 2020-05-14
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136603
title: Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200512)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2242.NASL
description: The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2242 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-31
modified: 2020-05-20
plugin id: 136737
published: 2020-05-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136737
title: RHEL 6 : kernel-rt (RHSA-2020:2242)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2020-2_0-0242_LINUX.NASL
description: An update of the linux package has been released.
last seen: 2020-06-12
modified: 2020-05-13
plugin id: 136570
published: 2020-05-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136570
title: Photon OS 2.0: Linux PHSA-2020-2.0-0242

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2522.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2522 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)
  - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)
  - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
  - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)
  - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
  - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)
  - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)
  - kernel: brcmfmac frame validation bypass (CVE-2019-9503)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-12
modified: 2020-06-11
plugin id: 137363
published: 2020-06-11
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137363
title: RHEL 7 : kernel (RHSA-2020:2522)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2020-1_0-0293_LINUX.NASL
description: An update of the linux package has been released.
last seen: 2020-06-12
modified: 2020-05-13
plugin id: 136550
published: 2020-05-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136550
title: Photon OS 1.0: Linux PHSA-2020-1.0-0293

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2277.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2277 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-05
modified: 2020-06-03
plugin id: 137062
published: 2020-06-03
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137062
title: RHEL 7 : kernel (RHSA-2020:2277)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2199.NASL
description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2199 advisory.
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  - Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation (CVE-2020-11884)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-31
modified: 2020-05-20
plugin id: 136717
published: 2020-05-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136717
title: RHEL 8 : kernel (RHSA-2020:2199)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1592.NASL
description: According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
  - A flaw was found in the Linux kernel
last seen: 2020-06-11
modified: 2020-05-26
plugin id: 136870
published: 2020-05-26
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136870
title: EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1592)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2020-C6B9FFF7F8.NASL
description: The 5.6.13 stable kernel update contains a number of important fixes across the tree
  ----
  The 5.6.12 stable update contains a number of important fixes across the tree.
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-31
modified: 2020-05-20
plugin id: 136725
published: 2020-05-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136725
title: Fedora 31 : kernel (2020-c6b9fff7f8)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2020-1366.NASL
description: A NULL pointer dereference flaw was found in the Linux kernel
last seen: 2020-06-06
modified: 2020-05-15
plugin id: 136627
published: 2020-05-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136627
title: Amazon Linux AMI : kernel (ALAS-2020-1366)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-2242.NASL
description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
  CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation.
  CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations.
  CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation.
  CVE-2019-19462 The syzbot tool found a missing error check in the
last seen: 2020-06-12
modified: 2020-06-11
plugin id: 137339
published: 2020-06-11
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137339
title: Debian DLA-2242-1 : linux-4.9 security update

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2102.NASL
description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2102 advisory.
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  - Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation (CVE-2020-11884)
  - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-15
modified: 2020-05-12
plugin id: 136526
published: 2020-05-12
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136526
title: RHEL 8 : kernel (RHSA-2020:2102)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-2285.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2285 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-05
modified: 2020-06-03
plugin id: 137061
published: 2020-06-03
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137061
title: RHEL 7 : kernel (RHSA-2020:2285)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20200512_KERNEL_ON_SL7_X.NASL
description: Security Fix(es) :
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: NULL pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
last seen: 2020-05-22
modified: 2020-05-18
plugin id: 136690
published: 2020-05-18
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136690
title: Scientific Linux Security Update : kernel on SL7.x x86_64 (20200512)

NASL family: Virtuozzo Local Security Checks
NASL id: VIRTUOZZO_VZA-2020-037.NASL
description: According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic.
  - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow.
  - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c.
  - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c.
  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c.
  - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
  - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service.
  - kernel: offset2lib allows for the stack guard page to be jumped over.
  Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-31
modified: 2020-05-22
plugin id: 136804
published: 2020-05-22
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136804
title: Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2020-2082.NASL
description: From Red Hat Security Advisory 2020:2082 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2082 advisory.
  - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-06
modified: 2020-05-15
plugin id: 136645
published: 2020-05-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136645
title: Oracle Linux 7 : kernel (ELSA-2020-2082)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2020-5A69DECC0C.NASL
description: The 5.6.13 stable kernel update contains a number of important fixes across the tree
  ----
  The 5.6.12 stable update contains a number of important fixes across the tree.
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-31
modified: 2020-05-20
plugin id: 136722
published: 2020-05-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136722
title: Fedora 30 : kernel (2020-5a69decc0c)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4698.NASL
description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
  - CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation.
  - CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations.
  - CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation.
  - CVE-2019-19462 The syzbot tool found a missing error check in the
last seen: 2020-06-12
modified: 2020-06-11
plugin id: 137340
published: 2020-06-11
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137340
title: Debian DSA-4698-1 : linux - security update

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2020-2103.NASL
description: The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2103 advisory.
  - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-06
modified: 2020-05-22
plugin id: 136777
published: 2020-05-22
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136777
title: CentOS 6 : kernel (CESA-2020:2103)

NASL family: Amazon Linux Local Security Checks
NASL id: AL2_ALAS-2020-1425.NASL
description: A NULL pointer dereference flaw was found in the Linux kernel
last seen: 2020-06-06
modified: 2020-05-13
plugin id: 136530
published: 2020-05-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136530
title: Amazon Linux 2 : kernel (ALAS-2020-1425)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4699.NASL
description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
  - CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled. This could lead to disclosure of sensitive information within a guest VM.
  - CVE-2019-19462 The syzkaller tool found a missing error check in the
last seen: 2020-06-12
modified: 2020-06-11
plugin id: 137341
published: 2020-06-11
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/137341 title Debian DSA-4699-1 : linux - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2171.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2171 advisory. - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-18 modified 2020-05-15 plugin id 136611 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136611 title RHEL 8 : kernel-rt (RHSA-2020:2171) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2104.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2104 advisory. 
- kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551) - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614) - kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c (CVE-2019-15538) - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447) - kernel: a malicious USB device in the drivers/input/ff- memless.c leads to use-after-free (CVE-2019-19524) - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454) - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) - kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-15 modified 2020-05-12 plugin id 136496 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136496 title RHEL 7 : kernel-alt (RHSA-2020:2104) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2085.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2085 advisory. 
- kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-15 modified 2020-05-12 plugin id 136525 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136525 title RHEL 7 : kernel-rt (RHSA-2020:2085) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2103.NASL description From Red Hat Security Advisory 2020:2103 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2103 advisory. - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-05-14 plugin id 136602 published 2020-05-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136602 title Oracle Linux 6 : kernel (ELSA-2020-2103) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2020-163-01.NASL description New kernel packages are available for Slackware 14.2 to fix security issues. last seen 2020-06-13 modified 2020-06-12 plugin id 137391 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137391 title Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711
- https://www.openwall.com/lists/oss-security/2020/05/12/2
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://www.debian.org/security/2020/dsa-4699
- https://www.debian.org/security/2020/dsa-4698
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4419-1/
- https://usn.ubuntu.com/4414-1/