Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Mageia 7: MGASA-2020-0227 Critical: Kernel NULL Pointer Flaw

mageia
Calendar Grey May 24, 2020
Dist Mageia Esm H88
Mageia 2020-0228 releases kernel updates addressing severe vulnerabilities involving out-of-bounds writes and NULL pointer dereferences.
This update is based on the upstream 5.6.14 kernel and fixes atleast the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsyst...

Summary

This update is based on the upstream 5.6.14 kernel and fixes atleast the following security issues:
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service (CVE-2020-10711).
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case (CVE-2020-12770).
gadget_dev_desc_UDC_store in drivers/u...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26660

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.14

- https://www.cve.org/CVERecord?id=CVE-2020-10711

- https://www.cve.org/CVERecord?id=CVE-2020-12770

- https://www.cve.org/CVERecord?id=CVE-2020-13143

Topics%20covered

Topics Covered

security advisory security update security issue DoS kernel NULL pointer Mageia

Resolution

SRPMS

- 7/core/kernel-5.6.14-2.mga7

- 7/core/kmod-virtualbox-6.0.20-6.mga7

- 7/core/kmod-xtables-addons-3.9-4.mga7

- 7/core/ndiswrapper-1.63-1.mga7

- 7/core/wireguard-tools-1.0.20200513-1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 24 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0227.html
Type: security
CVE: CVE-2020-10711, CVE-2020-12770, CVE-2020-13143

Topics%20covered

Topics Covered

security advisory security update security issue DoS kernel NULL pointer Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here