CVE-2020-12659
First published: Tue May 05 2020(Updated: )
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| Linux Linux kernel | <5.6.7 | |
| redhat/kernel | <5.6.7 | 5.6.7 |
| ubuntu/linux | <5.3.0-59.53 | 5.3.0-59.53 |
| ubuntu/linux | <5.4.0-37.41 | 5.4.0-37.41 |
| ubuntu/linux | <5.7~ | 5.7~ |
| ubuntu/linux-aws | <5.3.0-1023.25 | 5.3.0-1023.25 |
| ubuntu/linux-aws | <5.4.0-1015.15 | 5.4.0-1015.15 |
| ubuntu/linux-aws | <5.7~ | 5.7~ |
| ubuntu/linux-aws-5.0 | <5.7~ | 5.7~ |
| ubuntu/linux-aws-5.3 | <5.3.0-1023.25~18.04.1 | 5.3.0-1023.25~18.04.1 |
| ubuntu/linux-aws-5.3 | <5.7~ | 5.7~ |
| ubuntu/linux-aws-5.4 | <5.7~ | 5.7~ |
| ubuntu/linux-aws-hwe | <5.7~ | 5.7~ |
| ubuntu/linux-azure | <5.3.0-1028.29 | 5.3.0-1028.29 |
| ubuntu/linux-azure | <5.4.0-1016.16 | 5.4.0-1016.16 |
| ubuntu/linux-azure | <5.7~ | 5.7~ |
| ubuntu/linux-azure-4.15 | <5.7~ | 5.7~ |
| ubuntu/linux-azure-5.3 | <5.3.0-1028.29~18.04.1 | 5.3.0-1028.29~18.04.1 |
| ubuntu/linux-azure-5.3 | <5.7~ | 5.7~ |
| ubuntu/linux-azure-5.4 | <5.7~ | 5.7~ |
| ubuntu/linux-azure-edge | <5.7~ | 5.7~ |
| ubuntu/linux-gcp | <5.3.0-1026.28 | 5.3.0-1026.28 |
| ubuntu/linux-gcp | <5.4.0-1015.15 | 5.4.0-1015.15 |
| ubuntu/linux-gcp | <5.7~ | 5.7~ |
| ubuntu/linux-gcp-4.15 | <5.7~ | 5.7~ |
| ubuntu/linux-gcp-5.3 | <5.3.0-1026.28~18.04.1 | 5.3.0-1026.28~18.04.1 |
| ubuntu/linux-gcp-5.3 | <5.7~ | 5.7~ |
| ubuntu/linux-gcp-edge | <5.7~ | 5.7~ |
| ubuntu/linux-gke-4.15 | <5.7~ | 5.7~ |
| ubuntu/linux-gke-5.0 | <5.0.0-1042.43 | 5.0.0-1042.43 |
| ubuntu/linux-gke-5.0 | <5.7~ | 5.7~ |
| ubuntu/linux-gke-5.3 | <5.3.0-1026.28~18.04.1 | 5.3.0-1026.28~18.04.1 |
| ubuntu/linux-gke-5.3 | <5.7~ | 5.7~ |
| ubuntu/linux-hwe | <5.3.0-59.53~18.04.1 | 5.3.0-59.53~18.04.1 |
| ubuntu/linux-hwe | <5.7~ | 5.7~ |
| ubuntu/linux-hwe-5.4 | <5.7~ | 5.7~ |
| ubuntu/linux-hwe-edge | <5.7~ | 5.7~ |
| ubuntu/linux-kvm | <5.3.0-1023.25 | 5.3.0-1023.25 |
| ubuntu/linux-kvm | <5.4.0-1015.15 | 5.4.0-1015.15 |
| ubuntu/linux-kvm | <5.7~ | 5.7~ |
| ubuntu/linux-lts-trusty | <5.7~ | 5.7~ |
| ubuntu/linux-lts-xenial | <5.7~ | 5.7~ |
| ubuntu/linux-oem | <5.7~ | 5.7~ |
| ubuntu/linux-oem-5.6 | <5.6.0-1010.10 | 5.6.0-1010.10 |
| ubuntu/linux-oem-5.6 | <5.7~ | 5.7~ |
| ubuntu/linux-oem-osp1 | <5.0.0-1059.64 | 5.0.0-1059.64 |
| ubuntu/linux-oem-osp1 | <5.7~ | 5.7~ |
| ubuntu/linux-oracle | <5.3.0-1024.26 | 5.3.0-1024.26 |
| ubuntu/linux-oracle | <5.4.0-1015.15 | 5.4.0-1015.15 |
| ubuntu/linux-oracle | <5.7~ | 5.7~ |
| ubuntu/linux-oracle-5.0 | <5.7~ | 5.7~ |
| ubuntu/linux-oracle-5.3 | <5.3.0-1024.26~18.04.1 | 5.3.0-1024.26~18.04.1 |
| ubuntu/linux-oracle-5.3 | <5.7~ | 5.7~ |
| ubuntu/linux-raspi | <5.4.0-1012.12 | 5.4.0-1012.12 |
| ubuntu/linux-raspi | <5.7~ | 5.7~ |
| ubuntu/linux-raspi-5.4 | <5.7~ | 5.7~ |
| ubuntu/linux-raspi2 | <5.3.0-1027.29 | 5.3.0-1027.29 |
| ubuntu/linux-raspi2 | <5.7~ | 5.7~ |
| ubuntu/linux-raspi2-5.3 | <5.3.0-1027.29~18.04.1 | 5.3.0-1027.29~18.04.1 |
| ubuntu/linux-raspi2-5.3 | <5.7~ | 5.7~ |
| ubuntu/linux-riscv | <5.4.0-27.31 | 5.4.0-27.31 |
| ubuntu/linux-riscv | <5.7~ | 5.7~ |
| ubuntu/linux-snapdragon | <5.7~ | 5.7~ |
| Linux Linux kernel | >=4.18<4.19.118 | |
| Linux Linux kernel | >=4.20<5.4.35 | |
| Linux Linux kernel | >=5.5<5.6.7 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Hci Baseboard Management Controller | =h300s | |
| Netapp Hci Baseboard Management Controller | =h410c | |
| Netapp Hci Baseboard Management Controller | =h410s | |
| Netapp Hci Baseboard Management Controller | =h500s | |
| Netapp Hci Baseboard Management Controller | =h610c | |
| Netapp Hci Baseboard Management Controller | =h610s | |
| Netapp Hci Baseboard Management Controller | =h615c | |
| Netapp Hci Baseboard Management Controller | =h700s | |
| Netapp Solidfire \& Hci Management Node | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Aff Baseboard Management Controller | =a700s | |
| Netapp Solidfire Baseboard Management Controller | ||
| debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-12659 https://nvd.nist.gov/vuln/detail/CVE-2020-12659
- https://bugzilla.redhat.com/show_bug.cgi?id=1832876
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/security/cve/cve-2020-12659
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://bugzilla.kernel.org/show_bug.cgi?id=207225
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://github.com/torvalds/linux/commit/99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4387-1/
- https://usn.ubuntu.com/4388-1/
- https://usn.ubuntu.com/4389-1/
- https://launchpad.net/bugs/cve/CVE-2020-12659
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1832878
- https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://security-tracker.debian.org/tracker/CVE-2020-12659
- https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
- https://ubuntu.com/security/notices/USN-4387-1
- https://ubuntu.com/security/notices/USN-4389-1
- https://ubuntu.com/security/notices/USN-4388-1
- https://www.cve.org/CVERecord?id=CVE-2020-12659
- https://nvd.nist.gov/vuln/detail/CVE-2020-12659
- https://git.kernel.org/linus/c0c77d8fb787cfe0c3fca689c2a30d1dad4eaba7
- https://ubuntu.com/security/CVE-2020-12659
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12659
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/tags
- agent/event
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- package-manager/ubuntu
- package-manager/debian
- version/linux linux kernel/4.18
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410c
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h610c
- version/netapp hci baseboard management controller/h610s
- version/netapp hci baseboard management controller/h615c
- version/netapp hci baseboard management controller/h700s
- canonical/netapp solidfire \& hci management node
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp aff baseboard management controller
- version/netapp aff baseboard management controller/a700s
- canonical/netapp solidfire baseboard management controller