An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References
Link Resource
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8 Release Notes
https://github.com/torvalds/linux/commit/7690aa1cdf7c4565ad6b013b324c28b685505e24 Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-03-24T00:00:00

Updated: 2023-03-24T00:00:00

Reserved: 2023-03-24T00:00:00

Link: CVE-2020-36691

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-03-24T17:15:07.313

Modified: 2023-03-29T12:58:58.473

Link: CVE-2020-36691

JSON object: View

cve-icon Redhat Information

No data.

CWE