CVE-2020-12659
First published: Tue May 05 2020(Updated: )
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| redhat/kernel | <5.6.7 | 5.6.7 |
| Linux Kernel | <5.6.7 | |
| Linux Kernel | >=4.18<4.19.118 | |
| Linux Kernel | >=4.20<5.4.35 | |
| Linux Kernel | >=5.5<5.6.7 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp Cloud Backup | ||
| NetApp HCI Baseboard Management Controller | =h300s | |
| NetApp HCI Baseboard Management Controller | =h410c | |
| NetApp HCI Baseboard Management Controller | =h410s | |
| NetApp HCI Baseboard Management Controller | =h500s | |
| NetApp HCI Baseboard Management Controller | =h610c | |
| NetApp HCI Baseboard Management Controller | =h610s | |
| NetApp HCI Baseboard Management Controller | =h615c | |
| NetApp HCI Baseboard Management Controller | =h700s | |
| NetApp SolidFire & HCI Management Node | ||
| NetApp SteelStore Cloud Integrated Storage | ||
| NetApp FAS/AFF Baseboard Management Controller | =a700s | |
| NetApp SolidFire | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-12659 https://nvd.nist.gov/vuln/detail/CVE-2020-12659
- https://bugzilla.redhat.com/show_bug.cgi?id=1832876
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/security/cve/cve-2020-12659
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://bugzilla.kernel.org/show_bug.cgi?id=207225
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://github.com/torvalds/linux/commit/99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4387-1/
- https://usn.ubuntu.com/4388-1/
- https://usn.ubuntu.com/4389-1/
- https://launchpad.net/bugs/cve/CVE-2020-12659
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1832878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12659
- https://nvd.nist.gov/vuln/detail/CVE-2020-12659
- https://security-tracker.debian.org/tracker/CVE-2020-12659
- https://ubuntu.com/security/CVE-2020-12659
- https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02
Frequently Asked Questions
What is the severity of CVE-2020-12659?
CVE-2020-12659 is classified as a high severity vulnerability due to the potential for unauthorized out-of-bounds writes.
How do I fix CVE-2020-12659?
To resolve CVE-2020-12659, upgrade to at least kernel version 5.6.7 or the relevant patched versions provided by your distribution.
Which Linux kernel versions are affected by CVE-2020-12659?
CVE-2020-12659 affects Linux kernel versions prior to 5.6.7, including versions 4.18.x and 4.19.x.
What components are impacted by CVE-2020-12659?
CVE-2020-12659 specifically affects the Network XDP subsystem within the Linux kernel.
Is user privilege required to exploit CVE-2020-12659?
Yes, exploitation of CVE-2020-12659 requires CAP_NET_ADMIN capabilities.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12659
- agent/software-canonical-lookup
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.18
- version/linux kernel/4.20
- version/linux kernel/5.5
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410c
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h610c
- version/netapp hci baseboard management controller/h610s
- version/netapp hci baseboard management controller/h615c
- version/netapp hci baseboard management controller/h700s
- canonical/netapp solidfire & hci management node
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp fas/aff baseboard management controller
- version/netapp fas/aff baseboard management controller/a700s
- canonical/netapp solidfire
- package-manager/debian