ALT-PU-2020-1426-1
Package kernel-image-un-def updated to version 5.5.8-alt1 for branch sisyphus in task 247429.
Closed vulnerabilities
Published: 2020-02-22
BDU:2020-02707
Уязвимость функции get_raw_socket (drivers/vhost/net.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2020-03-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-10942
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
References:
- openSUSE-SU-2020:0543
- [oss-security] 20200415 CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8
- https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://lkml.org/lkml/2020/2/15/125
- https://security.netapp.com/advisory/ntap-20200403-0003/
- USN-4342-1
- USN-4344-1
- USN-4345-1
- USN-4364-1
- DSA-4667
- DSA-4698
- openSUSE-SU-2020:0543
- DSA-4698
- DSA-4667
- USN-4364-1
- USN-4345-1
- USN-4344-1
- USN-4342-1
- https://security.netapp.com/advisory/ntap-20200403-0003/
- https://lkml.org/lkml/2020/2/15/125
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8
- [oss-security] 20200415 CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field