PT-2020-2424 · Linux+4 · Linux Kernel+4

Published: 2020-03-03 · Updated: 2023-10-12 · CVE-2020-12465

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.5.10

Description: A buffer overflow error was discovered in the mt76 add fragment function in the Linux kernel, which can be exploited by sending an oversized packet with too many rx fragments, potentially corrupting memory of adjacent pages. This issue may allow an attacker to cause a denial of service and disclose protected information.

Recommendations: For Linux kernel versions prior to 5.5.10, update to version 5.5.10 or later to resolve the issue. As a temporary workaround, consider restricting the size of incoming packets to prevent exploitation of the buffer overflow in the mt76 add fragment function.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2020:4431
ALT-PU-2020-1511
ALT-PU-2020-1622
ALT-PU-2020-1638
ALT-PU-2020-1646
ALT-PU-2020-1714
ALT-PU-2020-2164
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-02425
CESA-2020_4431
CVE-2020-12465
RHSA-2020:4431
RHSA-2020_4431

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat