{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-08T12:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"}, {"name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:52.066Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12465", "datePublished": "2020-04-29T18:52:38", "dateReserved": "2020-04-29T00:00:00", "dateUpdated": "2024-08-04T11:56:52.066Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0542D4E3-231E-4A77-86D4-89BC72DCBAB7", "versionEndExcluding": "4.19.111", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "969EAF10-7774-45A4-99A8-E946B33706E6", "versionEndExcluding": "5.4.26", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "935FAEA6-8487-40DA-A460-9A459030B182", "versionEndExcluding": "5.5.10", "versionStartIncluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", "matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*", "matchCriteriaId": "78BE572F-45C1-467F-918F-FB1276F6B495", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", "matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*", "matchCriteriaId": "646FFC2B-6DC4-4BD8-AAE0-81895D397700", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:aff_baseboard_management_controller:a700s:*:*:*:*:*:*:*", "matchCriteriaId": "804B2D7C-D890-4C4C-8A76-1760552E11BC", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages."}, {"lang": "es", "value": "Se descubri\u00f3 un desbordamiento de matriz en la funci\u00f3n mt76_add_fragment en el archivo drivers/net/wireless/mediatek/mt76/dma.c en el kernel de Linux versiones anteriores a la versi\u00f3n 5.5.10, tambi\u00e9n se conoce como CID-b102f0c522cf. Un paquete de gran tama\u00f1o con muchos fragmentos rx puede corromper la memoria de p\u00e1ginas adyacentes."}], "id": "CVE-2020-12465", "lastModified": "2023-10-12T13:31:35.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-29T19:15:12.907", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4431", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-240.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c", "id": "1831699", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831699"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.", "A memory overflow and data corruption flaw were found in the Mediatek MT76 driver module for WiFi in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c. An oversized packet with too many rx fragments causes an overflow and corruption in memory of adjacent pages. A local attacker with a special user or root privileges can cause a denial of service or a leak of internal kernel information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is to skip loading the affected module mt76 onto the system until we have a fix available. This can be done by a blacklist mechanism and ensures the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"}, "name": "CVE-2020-12465", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12465\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12465"], "threat_severity": "Moderate"}