PT-2020-3138 · Linux · Linux Kernel
Published: 2020-04-27 · Updated: 2023-02-12
CVE-2020-10751
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.7
Description
A flaw in the Linux kernel's SELinux LSM hook implementation results in insufficient verification of data authenticity. The hook incorrectly assumes that a socket buffer (skb) contains only a single netlink message and validates only the first one, so subsequent messages within the same skb are not checked and may be granted access they should not have. The vulnerability may enable an attacker to gain unauthorized access to protected information.
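The validation gap described above, as an added user-space model (not the kernel patch or any project's code): a check that inspects only the first message in a buffer beside one that walks every message. The names `nl_hdr`, `type_allowed`, `check_first_only`, `check_all` and `put_msg` are hypothetical, the policy is a stand-in for the SELinux lookup, and rejecting malformed lengths is a choice made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same field layout as struct nlmsghdr; messages are 4-byte aligned. */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define NL_ALIGN(n) (((n) + 3u) & ~(size_t)3u)

/* Hypothetical policy standing in for the SELinux permission lookup. */
static int type_allowed(uint16_t type) { return type == 1; }

/* Behaviour the advisory describes: only the first message is validated. */
int check_first_only(const uint8_t *buf, size_t n) {
    struct nl_hdr h;
    if (n < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    return type_allowed(h.type) ? 0 : -1;
}

/* Hardened: validate every message; fail closed on malformed lengths. */
int check_all(const uint8_t *buf, size_t n) {
    size_t off = 0;
    while (n - off >= sizeof(struct nl_hdr)) {
        struct nl_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > n - off) return -1;
        if (!type_allowed(h.type)) return -1;
        size_t step = NL_ALIGN((size_t)h.len);
        off += step > n - off ? n - off : step; /* last msg may be unpadded */
    }
    return (off == n && n != 0) ? 0 : -1; /* trailing partial header: reject */
}

/* Constructed sample data: append one header-only message of `type`. */
size_t put_msg(uint8_t *buf, size_t off, uint16_t type) {
    struct nl_hdr h = { (uint32_t)sizeof h, type, 0, 0, 0 };
    memcpy(buf + off, &h, sizeof h);
    return off + NL_ALIGN(sizeof h);
}

int main(void) {
    uint8_t skb[64];
    size_t n = put_msg(skb, 0, 1);   /* permitted type first */
    n = put_msg(skb, n, 2);          /* non-permitted type second */
    printf("first-only: %d, all: %d\n", check_first_only(skb, n), check_all(skb, n));
    return 0;
}
```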
Recommendations
For Linux kernel versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SELinux LSM hook implementation until a patch is available.
Fix
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
AlmaLinux
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu