{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-10T19:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"name": "DSA-4667", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4667"}, {"name": "USN-4364-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4364-1/"}, {"name": "USN-4367-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4367-1/"}, {"name": "USN-4368-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4368-1/"}, {"name": "USN-4363-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4363-1/"}, {"name": "USN-4369-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4369-1/"}, {"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"name": "DSA-4698", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4698"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11565", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"name": "DSA-4667", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4667"}, {"name": "USN-4364-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4364-1/"}, {"name": "USN-4367-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4367-1/"}, {"name": "USN-4368-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4368-1/"}, {"name": "USN-4363-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4363-1/"}, {"name": "USN-4369-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4369-1/"}, {"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"name": "DSA-4698", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4698"}]}}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:42:27.772420Z", "id": "CVE-2020-11565", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:42:34.147Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:35:13.515Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"name": "DSA-4667", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4667"}, {"name": "USN-4364-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4364-1/"}, {"name": "USN-4367-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4367-1/"}, {"name": "USN-4368-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4368-1/"}, {"name": "USN-4363-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4363-1/"}, {"name": "USN-4369-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4369-1/"}, {"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"name": "DSA-4698", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4698"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11565", "datePublished": "2020-04-06T00:08:41", "dateReserved": "2020-04-06T00:00:00", "dateUpdated": "2024-08-04T11:35:13.515Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.debian.org/security/2020/dsa-4667", "name": "DSA-4667", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4364-1/", "name": "USN-4364-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4367-1/", "name": "USN-4367-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4368-1/", "name": "USN-4368-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4363-1/", "name": "USN-4363-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4369-1/", "name": "USN-4369-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.debian.org/security/2020/dsa-4698", "name": "DSA-4698", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:35:13.515Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-11565", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:42:27.772420Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:42:31.255Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "tags": ["x_refsource_MISC"]}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "tags": ["x_refsource_MISC"]}, {"url": "https://www.debian.org/security/2020/dsa-4667", "name": "DSA-4667", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://usn.ubuntu.com/4364-1/", "name": "USN-4364-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://usn.ubuntu.com/4367-1/", "name": "USN-4367-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://usn.ubuntu.com/4368-1/", "name": "USN-4368-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://usn.ubuntu.com/4363-1/", "name": "USN-4363-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://usn.ubuntu.com/4369-1/", "name": "USN-4369-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.debian.org/security/2020/dsa-4698", "name": "DSA-4698", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2020-06-10T19:06:30"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "name": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "refsource": "MISC"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd", "refsource": "MISC"}, {"url": "https://www.debian.org/security/2020/dsa-4667", "name": "DSA-4667", "refsource": "DEBIAN"}, {"url": "https://usn.ubuntu.com/4364-1/", "name": "USN-4364-1", "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/4367-1/", "name": "USN-4367-1", "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/4368-1/", "name": "USN-4368-1", "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/4363-1/", "name": "USN-4363-1", "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/4369-1/", "name": "USN-4369-1", "refsource": "UBUNTU"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2020/dsa-4698", "name": "DSA-4698", "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-11565", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2020-11565", "state": "PUBLISHED", "dateUpdated": "2024-08-04T11:35:13.515Z", "dateReserved": "2020-04-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2020-04-06T00:08:41", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CC13FB-6E4B-4EDF-980C-845C09E90D24", "versionEndIncluding": "5.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d"}, {"lang": "es", "value": "** EN DISPUTA ** Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.6.2. La funci\u00f3n mpol_parse_str en el archivo mm/mempolicy.c presenta una escritura fuera de l\u00edmites en la regi\u00f3n stack de la memoria porque una lista de nodos vac\u00eda es manejada inapropiadamente durante el an\u00e1lisis de la opci\u00f3n de montaje, tambi\u00e9n se conoce como CID-aa9f7d5172fa. NOTA: Alguien en la comunidad de seguridad no est\u00e1 de acuerdo en que se trata de una vulnerabilidad porque el problema \"es un error en el an\u00e1lisis de las opciones de montaje que s\u00f3lo puede ser especificado por un usuario privilegiado, por lo que la activaci\u00f3n del error no otorga ning\u00fan poder que no se tenga ya\"."}], "id": "CVE-2020-11565", "lastModified": "2024-08-04T12:15:31.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-06T01:15:12.447", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4363-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4364-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4367-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4368-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4369-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4667"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2020/dsa-4698"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4062", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.rt56.1131.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:2854", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.26.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-07T00:00:00Z"}, {"advisory": "RHSA-2020:4060", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4609", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-240.rt7.54.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4431", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-240.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c", "id": "1824918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824918"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d", "An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-11565", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11565\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11565"], "threat_severity": "Moderate"}