1. Home
  2. Vulnerabilities
  3. CVE-2020-10751

CVE-2020-10751

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 3.6 (Low)
36% Progress
EPSS 0.05 % (20th)
0.05% Progress
Affected Products 2
Advisories 36
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Weaknesses
CWE-345
Insufficient Verification of Data Authenticity
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-05-26 15:15:10
(4 years ago)
Updated Date
2023-02-12 23:39:18
(19 months ago)

Affected Products

Kernel

Redhat

Configuration #1

    CPE23 From Up To
  Kernel Selinux prior 5.7 version cpe:2.3:a:kernel:selinux < 5.7

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Server 8.0 cpe:2.3:o:redhat:enterprise_linux_server:8.0