[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass
From: Ondrej Mosnacek <omosnace () redhat ! com>
Date: 2020-05-27 7:44:50
Message-ID: CAFqZXNvNR3FWeNz5eTPmG0HbB8dZF6_xQcOeUNowo-a+93QwdA () mail ! gmail ! com
[Download RAW message or body]
(Resending with correct ML address...)
Hello,
This flaw has already been announced and described here:
https://www.openwall.com/lists/oss-security/2020/04/30/5
This is just a note to let you know that it has been assigned a
CVE-2020-10751 upon request from Red Hat.
The flaw is fixed by the following upstream commit:
commit fb73974172ffaaf57a7c42f35424d9aece1a5af6
Author: Paul Moore <paul@paul-moore.com>
Date: Tue Apr 28 09:59:02 2020 -0400
selinux: properly handle multiple messages in selinux_netlink_send()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
The flaw dates back at least to Linux-2.6.12-rc2, so likely all
versions of Linux currently in use are affected.
RH tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1839634
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel,
Red Hat, Inc.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic