[SRU X/B/D/E/F] CVE-2020-10711
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon May 25 18:24:12 UTC 2020
Description:
A NULL pointer dereference issue was found in the Linux kernel's SELinux
subsystem. It occurs while importing the Commercial IP Security Option
(CIPSO) protocol's category bitmap into SELinux's extensible bitmap via
the 'ebitmap_netlbl_import' routine. While parsing the CIPSO restricted
bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security
attribute flag to indicate that the category bitmap is present, even if it
has not been allocated. This leads to the said NULL pointer dereference
issue while importing the same category bitmap into SELinux. A remote
network user could use this flaw to crash the system kernel, resulting in
a DoS scenario.

This was build-tested for all series. It is a clean cherry-pick, save for
Xenial, where IPv6 CALIPSO is not supported.
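
A simplified userspace model of the flag/pointer mismatch described above, added here as an illustration; it is not the kernel's code or the patch under review. The struct and function names, and the choice of an empty category field as the case where no bitmap gets allocated, are assumptions of the model.

```c
#include <stdlib.h>
#include <stddef.h>

#define SECATTR_MLS_CAT 0x1u   /* model flag: "category bitmap present" */

struct catmap { unsigned long bits; };          /* model category bitmap */
struct secattr { unsigned flags; struct catmap *cat; };

/* Model tag parser (hypothetical): the bitmap is allocated only when the
 * tag carries category bytes, so an empty field leaves attr->cat NULL. */
static void parse_tag(struct secattr *attr, const unsigned char *tag,
                      size_t cat_len, int fixed)
{
    attr->flags = 0;
    attr->cat = NULL;
    if (cat_len > 0) {
        attr->cat = calloc(1, sizeof(*attr->cat));
        if (attr->cat)
            for (size_t i = 0; i < cat_len && i < sizeof(unsigned long); i++)
                attr->cat->bits |= (unsigned long)tag[i] << (8 * i);
    }
    /* Flawed behaviour (fixed == 0): flag set unconditionally.
     * Corrected behaviour (fixed != 0): flag set only if the bitmap exists. */
    if (!fixed || attr->cat)
        attr->flags |= SECATTR_MLS_CAT;
}

/* Model importer: relies on the flag. Returns 0 on success and -1 where a
 * consumer trusting the flag would have dereferenced a NULL bitmap. */
static int import_categories(const struct secattr *attr, unsigned long *out)
{
    *out = 0;
    if (!(attr->flags & SECATTR_MLS_CAT))
        return 0;                 /* no categories claimed */
    if (attr->cat == NULL)
        return -1;                /* invariant broken: flag without bitmap */
    *out = attr->cat->bits;
    return 0;
}

/* Parse a constructed tag, import it, and return the importer's status. */
static int run_case(const unsigned char *tag, size_t cat_len, int fixed)
{
    struct secattr attr;
    unsigned long cats;
    parse_tag(&attr, tag, cat_len, fixed);
    int rc = import_categories(&attr, &cats);
    free(attr.cat);
    return rc;
}
```

The model shows both halves of the invariant: the producer should never set the flag without a bitmap, and the consumer should not treat the flag alone as proof that the pointer is valid.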