{"api_version":"1","generated_at":"2026-04-22T23:30:46+00:00","cve":"CVE-2020-10751","urls":{"html":"https://cve.report/CVE-2020-10751","api":"https://cve.report/api/cve/CVE-2020-10751.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-10751","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-10751"},"summary":{"title":"CVE-2020-10751","description":"A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-05-26 15:15:00","updated_at":"2023-02-12 23:39:00"},"problem_types":["CWE-349"],"metrics":[],"references":[{"url":"https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/","name":"https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/","refsource":"CONFIRM","tags":["Mailing List","Vendor Advisory"],"title":"Re: selinux_netlink_send changes program behavior - Dmitry Vyukov","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4412-1/","name":"USN-4412-1","refsource":"UBUNTU","tags":[],"title":"USN-4412-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1839634","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1839634","refsource":"MISC","tags":[],"title":"1839634 – (CVE-2020-10751) CVE-2020-10751 kernel: SELinux netlink permission check bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:4609","name":"https://access.redhat.com/errata/RHSA-2020:4609","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:4431","name":"https://access.redhat.com/errata/RHSA-2020:4431","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4699","name":"DSA-4699","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4699-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4391-1/","name":"USN-4391-1","refsource":"UBUNTU","tags":[],"title":"USN-4391-1: Linux kernel vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/05/27/3","name":"[oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:4060","name":"https://access.redhat.com/errata/RHSA-2020:4060","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/","name":"https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/","refsource":"MISC","tags":[],"title":"Re: selinux_netlink_send changes program behavior - Dmitry Vyukov","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4390-1/","name":"USN-4390-1","refsource":"UBUNTU","tags":[],"title":"USN-4390-1: Linux kernel vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","name":"openSUSE-SU-2020:0935","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0935-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","name":"[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2241-2] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:4062","name":"https://access.redhat.com/errata/RHSA-2020:4062","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4389-1/","name":"USN-4389-1","refsource":"UBUNTU","tags":[],"title":"USN-4389-1: Linux kernel vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2020/04/30/5","name":"https://www.openwall.com/lists/oss-security/2020/04/30/5","refsource":"CONFIRM","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Linux kernel SELinux/netlink missing access check","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","name":"[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2242-1] linux-4.9 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4413-1/","name":"USN-4413-1","refsource":"UBUNTU","tags":[],"title":"USN-4413-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1839634 – (CVE-2020-10751) CVE-2020-10751 kernel: SELinux netlink permission check bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","name":"[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2241-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4698","name":"DSA-4698","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4698-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2020-10751","name":"https://access.redhat.com/security/cve/CVE-2020-10751","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","name":"openSUSE-SU-2020:0801","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0801-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-10751","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10751","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"10751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kernel","cpe5":"selinux","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10751","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kernel","cpe5":"selinux","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10751","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10751","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-10751","qid":"159684","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2020-4431)"},{"cve":"CVE-2020-10751","qid":"352300","title":"Amazon Linux Security Advisory for kernel: ALAC2012-2020-020"},{"cve":"CVE-2020-10751","qid":"353139","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-012"},{"cve":"CVE-2020-10751","qid":"377065","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2020:0113)"},{"cve":"CVE-2020-10751","qid":"750376","title":"OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)"},{"cve":"CVE-2020-10751","qid":"940256","title":"AlmaLinux Security Update for kernel (ALSA-2020:4431)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2020-10751","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-349","cweId":"CWE-349"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"The Linux Foundation","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_affected":"=","version_value":"before 5.7"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"},{"url":"http://www.openwall.com/lists/oss-security/2020/05/27/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2020/05/27/3"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6","refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6"},{"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"},{"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"},{"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"},{"url":"https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/","refsource":"MISC","name":"https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/"},{"url":"https://usn.ubuntu.com/4389-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4389-1/"},{"url":"https://usn.ubuntu.com/4390-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4390-1/"},{"url":"https://usn.ubuntu.com/4391-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4391-1/"},{"url":"https://usn.ubuntu.com/4412-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4412-1/"},{"url":"https://usn.ubuntu.com/4413-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4413-1/"},{"url":"https://www.debian.org/security/2020/dsa-4698","refsource":"MISC","name":"https://www.debian.org/security/2020/dsa-4698"},{"url":"https://www.debian.org/security/2020/dsa-4699","refsource":"MISC","name":"https://www.debian.org/security/2020/dsa-4699"},{"url":"https://www.openwall.com/lists/oss-security/2020/04/30/5","refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2020/04/30/5"}]},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2020-05-26 15:15:00","lastModifiedDate":"2023-02-12 23:39:00","problem_types":["CWE-349"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":4.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kernel:selinux:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"10751","Ordinal":"171191","Title":"CVE-2020-10751","CVE":"CVE-2020-10751","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"10751","Ordinal":"1","NoteData":"A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"10751","Ordinal":"2","NoteData":"2020-05-26","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"10751","Ordinal":"3","NoteData":"2021-06-14","Type":"Other","Title":"Modified"}]}}}