Auto-merge PR#3880

2025-06-12 02:05:39 +00:00 · 2020-05-22 10:10:13 -04:00 · 2020-05-22 10:10:13 -04:00 · 8733cd95c9
commit 8733cd95c9
parent 38ea1de782 99bdce57b2
1 changed files with 61 additions and 3 deletions
--- a/2020/10xxx/CVE-2020-10711.json
+++ b/2020/10xxx/CVE-2020-10711.json
@ -4,15 +4,73 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2020-10711",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "gsuckevi@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Red Hat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Kernel",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "all kernel versions before 5.7"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-476"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://www.openwall.com/lists/oss-security/2020/05/12/2",
+                "name": "https://www.openwall.com/lists/oss-security/2020/05/12/2",
+                "refsource": "CONFIRM"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
 }