Published: 06/05/2021 Updated: 15/02/2024

CVSS v2 Base Score: 6.8 | Impact Score: 9.5 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:L/AC:L/Au:N/C:C/I:P/A:C

An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
netapp cloud backup -
netapp solidfire baseboard management controller firmware -
netapp h300s firmware -
netapp h500s firmware -
netapp h700s firmware -
netapp h300e firmware -
netapp h500e firmware -
netapp h700e firmware -
netapp h410s firmware -
netapp h410c firmware -

An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25c in the Linux kernel A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information The highest threat from this vulnerability is to confide ...

Hi Sasha, Both you and Greg certainly have control over stable kernel commit messages (it's the same ability you use to add the upstream commit ID) Greg at least receives private notification of security vulnerabilities through security () kernel org I've privately received several complaints from different researchers about what was lacking ...

On Thu, Mar 18, 2021 at 01:20:18AM +0530, Rohit Keshri wrote: This mail doesn't even mention where/how this is fixed Is this 6ee50c8e262a ("net/x25: prevent a couple of overflows")? If so, it's already fixed in all stable kernels How can the issue cause a leak btw? -- Thanks, Sasha ...

On Fri, Mar 19, 2021 at 05:00:08PM -0400, Brad Spengler wrote: And this is exactly my point: you are advocating for tens of people to do detective work instead of just linking basic things like the commit id in the announcement mail Specially when the commits in question have been upstream for months/years -- Thanks, Sasha ...

Hello Team, An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25c in the Linux kernel A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information The highest threat from this vulnerability ...

Hi Sasha, For that particular one, the original email was: seclistsorg/oss-sec/2021/q1/212 to which I had already replied here: seclistsorg/oss-sec/2021/q1/220 The investigation for that email took only a few minutes It didn't have to be done via the CVE link, as bugzillasusecom/show_bugcgi?id=1173485 was provided ...

Hi, On Wed, Mar 17, 2021 at 05:14:57PM -0400, Sasha Levin wrote: Just as additional reference: I think this goes back to this report: wwwopenwallcom/lists/oss-security/2020/11/15/2 In upstream this was fixed then if the above is correct in v44248 v49248 v414211 v419162 v5482 ...

Hey Brad, I'll let Greg respond on your concerns with him, I've removed those references to him from my reply On Fri, Mar 19, 2021 at 03:58:25PM -0400, Brad Spengler wrote: So we do, but traditionally I haven't changed the commit message I also don't have an additional source of information when I queue up the commits, so I'm not sure how my ...

CWE-125 https://bugzilla.redhat.com/show_bug.cgi?id=1908251 https://security.netapp.com/advisory/ntap-20210618-0009/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2020-35519

CVE-2020-35519

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect