oss-sec mailing list archives
Re: CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category
From: P J P <ppandit () redhat com>
Date: Tue, 12 May 2020 19:08:17 +0530 (IST)
+-- On Tue, 12 May 2020, P J P wrote --+
| NULL pointer dereference(s) issue(s) was found in the Linux kernel's SELinux
| subsystem. It occurs while importing the Commercial IP Security Option
| (CIPSO) protocol's category bitmap into SELinux's extensible bitmap via
| 'ebitmap_netlbl_import' routine. While parsing the CIPSO restricted bitmap
| tag in 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to
| indicate that category bitmap is present, even if it has not been allocated.
| This leads to the said NULL pointer dereference issue while importing the
| same category bitmap into SELinux. A remote network user could use this flaw
| to crash the system kernel resulting in DoS scenario.
|
| This issue was introduced by upstream commit:
|   -> https://git.kernel.org/linus/4b8feff251da3d7058b5779e21b33a85c686b974
|      netlabel: fix the horribly broken catmap functions

Upstream patch:
  -> https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni () redhat com/T/#u

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
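The flag/pointer mismatch described in the advisory above, as an added user-space model that is not part of the original post and is not kernel code: all type, flag and function names are hypothetical, and the 64-category bitmap is a simplification. It contrasts setting the "categories present" flag on every successful parse with setting it only when the bitmap was allocated, and has the consumer check the pointer as well.

```c
#include <stdint.h>
#include <stdlib.h>
/* Simplified user-space model; every name here is hypothetical, not kernel code. */
#define ATTR_MLS_CAT 0x1u            /* flag: "category bitmap present" */
struct catmap { uint64_t bits; };    /* toy bitmap: categories 0..63 only */
struct secattr { unsigned flags; struct catmap *cat; };

/* Allocates lazily on the first set bit: an empty/all-zero field leaves cat NULL. */
static int map_categories(const uint8_t *bm, size_t len, struct secattr *attr)
{
    for (size_t i = 0; i < len * 8 && i < 64; i++) {
        if (!(bm[i / 8] & (0x80u >> (i % 8))))
            continue;
        if (!attr->cat && !(attr->cat = calloc(1, sizeof(*attr->cat))))
            return -1;
        attr->cat->bits |= 1ull << i;
    }
    return 0;
}

/* Flawed pattern: the flag is set whenever parsing succeeded. */
int parse_tag_flawed(const uint8_t *bm, size_t len, struct secattr *attr)
{
    if (map_categories(bm, len, attr) != 0)
        return -1;
    attr->flags |= ATTR_MLS_CAT;
    return 0;
}

/* Hardened pattern: the flag is set only when the bitmap really exists. */
int parse_tag_hardened(const uint8_t *bm, size_t len, struct secattr *attr)
{
    if (map_categories(bm, len, attr) != 0)
        return -1;
    if (attr->cat)
        attr->flags |= ATTR_MLS_CAT;
    return 0;
}

/* Consumer: honours the flag but verifies the pointer; -1 if the two disagree. */
int import_categories(const struct secattr *attr, uint64_t *out)
{
    *out = 0;
    if (!(attr->flags & ATTR_MLS_CAT))
        return 0;
    if (!attr->cat)
        return -1;
    *out = attr->cat->bits;
    return 0;
}
```

With an all-zero category field, the flawed parser returns success with the flag set and a NULL bitmap, which the defensive consumer rejects instead of dereferencing.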