A NULL pointer dereference issue was found in the Linux kernel's SELinux subsystem. It occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into SELinux's extensible bitmap via 'ebitmap_netlbl_import' routine. While parsing the CIPSO restricted bitmap tag in 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that category bitmap is present, even if it has not been allocated. This leads to the said NULL pointer dereference issue while importing the same category bitmap into SELinux. A remote network user could use this flaw to crash the system kernel resulting in DoS scenario. This issue was introduced by upstream commit: -> https://git.kernel.org/linus/4b8feff251da3d7058b5779e21b33a85c686b974 netlabel: fix the horribly broken catmap functions Upstream patch: --------------- -> https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com/T/#u Reference: ---------- -> https://www.openwall.com/lists/oss-security/2020/05/12/2
Acknowledgments: Name: Matthew Sheets (gd-ms.com)
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue can only be resolved by applying updates.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1834778]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2104 https://access.redhat.com/errata/RHSA-2020:2104
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2102 https://access.redhat.com/errata/RHSA-2020:2102
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:2103 https://access.redhat.com/errata/RHSA-2020:2103
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10711
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2082 https://access.redhat.com/errata/RHSA-2020:2082
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2085 https://access.redhat.com/errata/RHSA-2020:2085
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2125 https://access.redhat.com/errata/RHSA-2020:2125
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2171 https://access.redhat.com/errata/RHSA-2020:2171
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2199 https://access.redhat.com/errata/RHSA-2020:2199
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2203 https://access.redhat.com/errata/RHSA-2020:2203
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:2214 https://access.redhat.com/errata/RHSA-2020:2214
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2020:2242 https://access.redhat.com/errata/RHSA-2020:2242
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:2285 https://access.redhat.com/errata/RHSA-2020:2285
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:2277 https://access.redhat.com/errata/RHSA-2020:2277
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2289 https://access.redhat.com/errata/RHSA-2020:2289
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2291 https://access.redhat.com/errata/RHSA-2020:2291
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2429 https://access.redhat.com/errata/RHSA-2020:2429
Statement: This issue affects the versions of the kernel packages as shipped with the Red Hat Enterprise Linux 6 starting with the Red Hat Enterprise Linux 6.7 GA version kernel-2.6.32-573 . Prior Red Hat Enterprise Linux 6 kernel versions are not affected.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:2519 https://access.redhat.com/errata/RHSA-2020:2519
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:2522 https://access.redhat.com/errata/RHSA-2020:2522