CVE-2020-10751 in Ubuntu

CVE-2020-10751

Priority

Description

A flaw was found in the Linux kernels SELinux LSM hook implementation
before version 5.7, where it incorrectly assumed that an skb would only
contain a single netlink message. The hook would incorrectly only validate
the first netlink message in the skb and allow or deny the rest of the
messages within the skb with the granted permission without further
processing.

Ubuntu-Description

Dmitry Vyukov discovered that the SELinux netlink security hook in the
Linux kernel did not validate messages in some situations. A privileged
attacker could use this to bypass SELinux netlink restrictions.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10751
https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/
https://www.openwall.com/lists/oss-security/2020/04/30/5
https://ubuntu.com/security/notices/USN-4391-1
https://ubuntu.com/security/notices/USN-4389-1
https://ubuntu.com/security/notices/USN-4390-1
https://ubuntu.com/security/notices/USN-4412-1
https://ubuntu.com/security/notices/USN-4413-1

Notes

sbeattie

SELinux specific, not the default LSM in Ubuntu.

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-106.107)
Ubuntu 20.04 LTS:	released (5.4.0-37.41)
Ubuntu 16.04 ESM:	released (4.4.0-184.214)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by

fb73974172ffaaf57a7c42f35424d9aece1a5af6

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1073.77)
Ubuntu 20.04 LTS:	released (5.4.0-1015.15)
Ubuntu 16.04 ESM:	released (4.4.0-1109.120)
Ubuntu 14.04 ESM:	released (4.4.0-1073.77)

Patches:

Package

Source: linux-aws-5.0 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.3 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1030.32~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.4 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1018.18~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (4.15.0-1073.77~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	released (5.4.0-1016.16)
Ubuntu 16.04 ESM:	released (4.15.0-1089.99~16.04.1)
Ubuntu 14.04 ESM:	released (4.15.0-1089.99~14.04.1)

Patches:

Package

Source: linux-azure-4.15 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1089.99)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.3 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1032.33~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.4 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1020.20~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	released (5.4.0-1015.15)
Ubuntu 16.04 ESM:	released (4.15.0-1077.87~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-4.15 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1077.87)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.3 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1030.32~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.4 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1019.19~18.04.2)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-4.15 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1063.66)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.0 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.0.0-1043.44)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.3 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1030.32~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-62.56~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (4.15.0-106.107~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-5.4 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	not-affected (5.4.0-37.41~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1067.68)
Ubuntu 20.04 LTS:	released (5.4.0-1015.15)
Ubuntu 16.04 ESM:	released (4.4.0-1075.82)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-184.214~14.04.1)

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1087.97)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.6 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	released (5.6.0-1011.11)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-osp1 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.0.0-1063.68)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1045.49)
Ubuntu 20.04 LTS:	released (5.4.0-1015.15)
Ubuntu 16.04 ESM:	released (4.15.0-1045.49~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.0 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.3 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1028.30~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.4 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1019.19~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	released (5.4.0-1012.12)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi-5.4 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1013.13~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1063.67)
Ubuntu 20.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2-5.3 (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1028.30~18.04.2)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-riscv (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	released (5.4.0-27.31)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.7~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1080.87)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 14:04:09 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)