Date: Wed, 27 May 2020 09:44:50 +0200
From: Ondrej Mosnacek <omosnace@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Paul Moore <paul@...l-moore.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Jeff Vander Stoep <jeffv@...gle.com>, Wade Mealing <wmealing@...hat.com>
Subject: CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass

(Resending with correct ML address...)

Hello,

This flaw has already been announced and described here:
https://www.openwall.com/lists/oss-security/2020/04/30/5

This is just a note to let you know that it has been assigned a
CVE-2020-10751 upon request from Red Hat.

The flaw is fixed by the following upstream commit:

commit fb73974172ffaaf57a7c42f35424d9aece1a5af6
Author: Paul Moore <paul@...l-moore.com>
Date: Tue Apr 28 09:59:02 2020 -0400

    selinux: properly handle multiple messages in selinux_netlink_send()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6

The flaw dates back at least to Linux-2.6.12-rc2, so likely all
versions of Linux currently in use are affected.

RH tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=1839634

--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel, Red Hat, Inc.