Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-10711

Publication date 12 May 2020

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

From the Ubuntu Security Team

Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash).

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 20.04 LTS focal
Fixed 5.4.0-40.44
19.10 eoan
Fixed 5.3.0-62.56
18.04 LTS bionic
Fixed 4.15.0-109.110
16.04 LTS xenial
Fixed 4.4.0-185.215
14.04 LTS trusty Ignored
linux-aws 20.04 LTS focal
Fixed 5.4.0-1018.18
19.10 eoan
Fixed 5.3.0-1030.32
18.04 LTS bionic
Fixed 4.15.0-1077.81
16.04 LTS xenial
Fixed 4.4.0-1110.121
14.04 LTS trusty
linux-aws-5.0 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Ignored
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.3 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-1030.32~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.4 20.04 LTS focal Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-hwe 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial
Fixed 4.15.0-1074.78~16.04.1
14.04 LTS trusty Not in release
linux-azure 20.04 LTS focal
Fixed 5.4.0-1020.20
19.10 eoan
Fixed 5.3.0-1032.33
18.04 LTS bionic Ignored
16.04 LTS xenial
Fixed 4.15.0-1091.101~16.04.1
14.04 LTS trusty
linux-azure-4.15 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 4.15.0-1091.101
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.3 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-1032.33~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.4 20.04 LTS focal Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-edge 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Ignored
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp 20.04 LTS focal
Fixed 5.4.0-1019.19
19.10 eoan
Fixed 5.3.0-1030.32
18.04 LTS bionic Ignored
16.04 LTS xenial
Fixed 4.15.0-1078.88~16.04.1
14.04 LTS trusty Not in release
linux-gcp-4.15 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 4.15.0-1078.88
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.3 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-1030.32~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.4 20.04 LTS focal Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-edge 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Ignored
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-4.15 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 4.15.0-1064.67
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-5.0 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.0.0-1043.44
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-5.3 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-1030.32~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-62.56~18.04.1
16.04 LTS xenial
Fixed 4.15.0-107.108~16.04.1
14.04 LTS trusty Not in release
linux-hwe-5.4 20.04 LTS focal Not in release
18.04 LTS bionic
Fixed 5.4.0-40.44~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-edge 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Ignored
16.04 LTS xenial Ignored
14.04 LTS trusty Not in release
linux-kvm 20.04 LTS focal
Fixed 5.4.0-1018.18
19.10 eoan
Fixed 5.3.0-1024.26
18.04 LTS bionic
Fixed 4.15.0-1069.70
16.04 LTS xenial
Fixed 4.4.0-1076.83
14.04 LTS trusty Not in release
linux-lts-trusty 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-xenial 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
linux-oem 20.04 LTS focal Not in release
19.10 eoan Ignored
18.04 LTS bionic
Fixed 4.15.0-1091.101
16.04 LTS xenial Ignored
14.04 LTS trusty Not in release
linux-oem-5.6 20.04 LTS focal
Fixed 5.6.0-1011.11
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-osp1 20.04 LTS focal Not in release
19.10 eoan Ignored
18.04 LTS bionic
Fixed 5.0.0-1063.68
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle 20.04 LTS focal
Fixed 5.4.0-1019.19
19.10 eoan
Fixed 5.3.0-1028.30
18.04 LTS bionic
Fixed 4.15.0-1048.52
16.04 LTS xenial
Fixed 4.15.0-1046.50~16.04.1
14.04 LTS trusty Not in release
linux-oracle-5.0 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Ignored
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.3 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-1028.30~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.4 20.04 LTS focal Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi 20.04 LTS focal
Fixed 5.4.0-1013.13
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi-5.4 20.04 LTS focal Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi2 20.04 LTS focal Ignored
19.10 eoan
Fixed 5.3.0-1028.30
18.04 LTS bionic
Fixed 4.15.0-1065.69
16.04 LTS xenial
Fixed 4.4.0-1135.144
14.04 LTS trusty Not in release
linux-raspi2-5.3 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 5.3.0-1028.30~18.04.2
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv 20.04 LTS focal
Fixed 5.4.0-28.32
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-snapdragon 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic
Fixed 4.15.0-1081.88
16.04 LTS xenial
Fixed 4.4.0-1139.147
14.04 LTS trusty Not in release

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

sbeattie

SELinux is not the default MAC used in Ubuntu

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

Severity score breakdown

Parameter Value
Base score 5.9 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-4411-1
    • Linux kernel vulnerabilities
    • 6 July 2020
    • USN-4412-1
    • Linux kernel vulnerabilities
    • 6 July 2020
    • USN-4413-1
    • Linux kernel vulnerabilities
    • 2 July 2020
    • USN-4414-1
    • Linux kernel vulnerabilities
    • 6 July 2020
    • USN-4419-1
    • Linux kernel vulnerabilities
    • 6 July 2020

Other references