redhat openstack CVE-2020-10711 vulnerability in Red Hat and Other Products
Published on May 22, 2020

product logo product logo product logo product logo product logo
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-10711 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.


Products Associated with CVE-2020-10711

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-10711 are published in these products:

Red Hat Openstack
 
Red Hat Virtualization Host
 
Debian Linux
 
Linux Kernel
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Aus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Messaging Realtime Grid
 
Red Hat 3scale
 
OpenSuse Leap
 
Canonical Ubuntu Linux
 

Affected Versions

Red Hat Kernel Version all kernel versions before 5.7 is affected by CVE-2020-10711

Exploit Probability

EPSS
5.44%
Percentile
90.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.