First published: Tue May 05 2020
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
redhat/kernel | <5.6.7 | 5.6.7 |
Linux Kernel | <5.6.7 | |
Linux Kernel | >=4.18<4.19.118 | |
Linux Kernel | >=4.20<5.4.35 | |
Linux Kernel | >=5.5<5.6.7 | |
NetApp Active IQ Unified Manager for VMware vSphere | | |
NetApp Cloud Backup | | |
NetApp HCI Baseboard Management Controller | =h300s | |
NetApp HCI Baseboard Management Controller | =h410c | |
NetApp HCI Baseboard Management Controller | =h410s | |
NetApp HCI Baseboard Management Controller | =h500s | |
NetApp HCI Baseboard Management Controller | =h610c | |
NetApp HCI Baseboard Management Controller | =h610s | |
NetApp HCI Baseboard Management Controller | =h615c | |
NetApp HCI Baseboard Management Controller | =h700s | |
NetApp SolidFire & HCI Management Node | | |
NetApp SteelStore Cloud Integrated Storage | | |
NetApp FAS/AFF Baseboard Management Controller | =a700s | |
NetApp SolidFire | | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2020-12659 is classified as a high-severity vulnerability due to the potential for unauthorized out-of-bounds writes.
To resolve CVE-2020-12659, upgrade to at least kernel version 5.6.7 or the relevant patched versions provided by your distribution.
CVE-2020-12659 affects Linux kernel versions prior to 5.6.7, including versions 4.18.x and 4.19.x.
CVE-2020-12659 specifically affects the Network XDP subsystem within the Linux kernel.
Exploitation of CVE-2020-12659 requires the CAP_NET_ADMIN capability.
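The following is an added example, not code from this advisory or from the kernel project: a triage check that classifies a `uname -r` string against the three bounded upstream ranges in the table above. The function names and the `verify-package` result are assumptions of the example, as is the choice to use the bounded ranges instead of the blanket `<5.6.7` row. A release string with a distribution suffix is never reported as affected from its number alone, because vendors backport fixes (the table lists `4.18.0-240.el8` as fixed even though 4.18.0 falls inside an upstream range).

```python
import platform
import re

# Upstream ranges from the advisory table: (first affected, first fixed).
AFFECTED_RANGES = [
    ((4, 18, 0), (4, 19, 118)),
    ((4, 20, 0), (5, 4, 35)),
    ((5, 5, 0), (5, 6, 7)),
]


def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), suffix)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def classify(release):
    """Return 'affected', 'not-affected' or 'verify-package'."""
    version, suffix = parse_release(release)
    if not any(lo <= version < hi for lo, hi in AFFECTED_RANGES):
        return "not-affected"
    # A suffix (e.g. "-240.el8.x86_64", "-42-generic") marks a distribution
    # or custom build: the fix may be backported without the upstream number
    # changing, so the package version has to be compared instead.
    return "verify-package" if suffix else "affected"


if __name__ == "__main__":
    # Constructed sample strings, followed by the running kernel.
    for rel in ["5.6.6", "5.6.7", "4.19.117", "5.4.0-42-generic",
                "4.18.0-240.el8.x86_64", platform.release()]:
        print(f"{rel:28} {classify(rel)}")
```

For a `verify-package` result, compare the installed kernel package version against the distribution rows in the table.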