#VU63957 Buffer overflow in Linux kernel - CVE-2020-10742

Cybersecurity Help s.r.o.

Published: 2022-06-02

Vulnerability identifier: #VU63957

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-10742

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an index buffer overflow during Direct IO write in NFS client. A local user can force the client to reach out of the index after one memory allocation by kmalloc and cause a kernel panic.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1835127

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Linux kernel NFS client

Red Hat Enterprise Linux 7 update for kernel-rt

Red Hat Enterprise Linux 7 update for kernel