'Re: [oss-security] CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2021-03-18 6:04:00
Message-ID: 20210318060359.GA7529 () lorien ! valinor ! li
[Download RAW message or body]

Hi,

On Wed, Mar 17, 2021 at 05:14:57PM -0400, Sasha Levin wrote:
> On Thu, Mar 18, 2021 at 01:20:18AM +0530, Rohit Keshri wrote:
> > Hello Team,
> > 
> > An out-of-bounds (OOB) memory access flaw was found in x25_bind in
> > net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local
> > attacker with a user account on the system to gain access to out-of-bounds
> > memory, leading to a system crash or a leak of internal kernel information.
> > The highest threat from this vulnerability is to confidentiality,
> > integrity, as well as system availability.
> > 
> > 'CVE-2020-35519' was assigned by Red Hat.
> 
> This mail doesn't even mention where/how this is fixed. Is this
> 6ee50c8e262a ("net/x25: prevent a couple of overflows")?
> 
> If so, it's already fixed in all stable kernels.
> 
> How can the issue cause a leak btw?

Just as additional reference: I think this goes back to this report:
https://www.openwall.com/lists/oss-security/2020/11/15/2 

In upstream this was fixed then if the above is correct in

	v4.4.248
	v4.9.248
	v4.14.211
	v4.19.162
	v5.4.82
	v5.9.13
	v5.10-rc7

Regards,
Salvatore
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic