PT-2020-2318 · Linux+6 · Linux Kernel+6

Entropy Moe

·

Published

2020-04-01

·

Updated

2024-08-04

·

CVE-2020-11565

CVSS v3.1

6.0

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.6.2
Description The issue is related to a stack-based out-of-bounds write in the mpol parse str function in mm/mempolicy.c due to mishandling of an empty nodelist during mount option parsing. This could potentially allow for denial of service or privilege escalation. However, it is noted that the issue can only be triggered by a privileged user and does not grant any additional powers.
Recommendations For Linux kernel versions through 5.6.2, as a temporary workaround, consider disabling the mpol parse str function until a patch is available. Restrict access to mount options to minimize the risk of exploitation. Avoid using empty nodelists in mount option parsing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2020:4431
ALT-PU-2020-1761
ALT-PU-2020-1913
ALT-PU-2020-1917
ALT-PU-2020-1928
ALT-PU-2020-2153
ALT-PU-2020-2164
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-02286
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2020-11565
DLA-2241-1
DLA-2241-2
DLA-2242-1
DSA-4667-1
DSA-4698-1
MGASA-2020-0183
MGASA-2020-0184
RHSA-2020:2854
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
USN-4363-1
USN-4364-1
USN-4367-1
USN-4367-2
USN-4368-1
USN-4369-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Ubuntu