Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read

Related Vulnerabilities: CVE-2020-35519  
                							


From: Salvatore Bonaccorso <carnil () debian org>

Date: Thu, 18 Mar 2021 07:04:00 +0100

Hi,

On Wed, Mar 17, 2021 at 05:14:57PM -0400, Sasha Levin wrote:
> On Thu, Mar 18, 2021 at 01:20:18AM +0530, Rohit Keshri wrote:
> > Hello Team,
> >
> > An out-of-bounds (OOB) memory access flaw was found in x25_bind in
> > net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local
> > attacker with a user account on the system to gain access to out-of-bounds
> > memory, leading to a system crash or a leak of internal kernel information.
> > The highest threat from this vulnerability is to confidentiality,
> > integrity, as well as system availability.
> >
> > 'CVE-2020-35519' was assigned by Red Hat.
>
> This mail doesn't even mention where/how this is fixed. Is this
> 6ee50c8e262a ("net/x25: prevent a couple of overflows")?
>
> If so, it's already fixed in all stable kernels.
>
> How can the issue cause a leak btw?

Just as additional reference: I think this goes back to this report:
https://www.openwall.com/lists/oss-security/2020/11/15/2 

In upstream this was fixed then if the above is correct in

        v4.4.248
        v4.9.248
        v4.14.211
        v4.19.162
        v5.4.82
        v5.9.13
        v5.10-rc7

Regards,
Salvatore
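
Added example, not part of the thread: a triage helper that classifies an upstream kernel release string against the fixed releases listed in the message above. It assumes upstream version numbering (distribution kernels backport fixes without changing the base version, so their strings need the distribution's own tracker); the function name `x25_bind_fix_status` and the result labels are constructed for this example.

```python
import re

# First release carrying the fix in each stable series, as listed in the message.
FIXED_IN = {
    (4, 4): 248,
    (4, 9): 248,
    (4, 14): 211,
    (4, 19): 162,
    (5, 4): 82,
    (5, 9): 13,
}
FIXED_MAINLINE = (5, 10)   # mainline fix landed in v5.10-rc7
FIXED_MAINLINE_RC = 7

# Accepts "v5.10-rc7", "4.19.160", "5.10.0-rc6", "4.19.160-generic", ...
_RELEASE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def x25_bind_fix_status(release: str) -> str:
    """Return "fixed", "unfixed" or "unknown" for an upstream release string.

    "unknown" covers strings that do not parse and older series for which
    the message lists no fixed release.
    """
    m = _RELEASE.match(release.strip())
    if not m:
        return "unknown"
    series = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else None

    if series > FIXED_MAINLINE:
        return "fixed"
    if series == FIXED_MAINLINE:
        # Release candidates before rc7 predate the fix; later ones have it.
        if rc is not None and rc < FIXED_MAINLINE_RC:
            return "unfixed"
        return "fixed"
    if series in FIXED_IN:
        return "fixed" if patch >= FIXED_IN[series] else "unfixed"
    # Older series without a listed fixed release (for example end-of-life).
    return "unknown"
```

Feed it the output of `uname -r` on hosts running upstream stable kernels; treat "unknown" as needing a manual check rather than as safe.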
