Vulnerability in The Linux Foundation Kernel
CVE-2020-10751
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink mess…
EPSS: 0.001 (24.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.
Affected products
- The Linux Foundation Kernel — versions before 5.7
Weakness classification (CWE)
Public proof-of-concept exploits
References
- [oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass (mailing-list, x_refsource_MLIST)
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update (mailing-list, x_refsource_MLIST)
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update (mailing-list, x_refsource_MLIST)
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update (mailing-list, x_refsource_MLIST)
- DSA-4698 (vendor-advisory, x_refsource_DEBIAN)
- DSA-4699 (vendor-advisory, x_refsource_DEBIAN)
- openSUSE-SU-2020:0801 (vendor-advisory, x_refsource_SUSE)
- USN-4389-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4390-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4391-1 (vendor-advisory, x_refsource_UBUNTU)
Frequently asked questions
- What is CVE-2020-10751?
- CVE-2020-10751 is a medium-severity vulnerability in The Linux Foundation Kernel, classified under CWE-349. CVSS score: 6.1/10. Published 2020-05-26.
- How severe is CVE-2020-10751?
- Medium severity. CVSS v3 base score is 6.1 out of 10.
- Is CVE-2020-10751 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.