BDU:2020-05791

Опубликовано: 08 сент. 2020

Источник: fstec

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Уязвимость функции skb_to_mamac (network.c) драйвера MostCore операционной системы Android вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Вендор

Google Inc

Novell Inc.

Наименование ПО

Android

SUSE Linux Enterprise Server for SAP Applications

SUSE OpenStack Cloud

SUSE Linux Enterprise Module for Basesystem

SUSE Enterprise Storage

SUSE Linux Enterprise Module for Development Tools

Suse Linux Enterprise Server

SUSE Linux Enterprise High Availability

SUSE Linux Enterprise Live Patching

SUSE Linux Enterprise Module for Legacy Software

SUSE Linux Enterprise Module for Live Patching

SUSE Linux Enterprise Workstation Extension

SUSE Linux Enterprise Module for Open Buildservice Development Tools

OpenSUSE Leap

SUSE Linux Enterprise Software Development Kit

SUSE OpenStack Cloud Crowbar

SUSE Linux Enterprise Module for Public Cloud

SUSE Linux Enterprise Module for Realtime packages

SUSE Linux Enterprise High Performance Computing

Версия ПО

- (Android)

12 SP2 (SUSE Linux Enterprise Server for SAP Applications)

12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications)

12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications)

12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications)

12 SP3 (SUSE Linux Enterprise Server for SAP Applications)

12 SP4 (SUSE Linux Enterprise Server for SAP Applications)

7 (SUSE OpenStack Cloud)

15 SP1 (SUSE Linux Enterprise Module for Basesystem)

5 (SUSE Enterprise Storage)

15 SP1 (SUSE Linux Enterprise Module for Development Tools)

12 SP2-BCL (Suse Linux Enterprise Server)

12 SP2-ESPOS (Suse Linux Enterprise Server)

12 SP2 (SUSE Linux Enterprise High Availability)

12 SP3 (SUSE Linux Enterprise High Availability)

12 SP4 (SUSE Linux Enterprise High Availability)

15 (SUSE Linux Enterprise High Availability)

15 SP1 (SUSE Linux Enterprise High Availability)

12 SP4 (SUSE Linux Enterprise Live Patching)

15 SP1 (SUSE Linux Enterprise Module for Legacy Software)

15 (SUSE Linux Enterprise Module for Live Patching)

15 SP1 (SUSE Linux Enterprise Workstation Extension)

15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)

15.1 (OpenSUSE Leap)

15 (SUSE Linux Enterprise Server for SAP Applications)

12 SP2-LTSS (Suse Linux Enterprise Server)

15 SP1 (SUSE Linux Enterprise Module for Live Patching)

12 SP3-LTSS (Suse Linux Enterprise Server)

8 (SUSE OpenStack Cloud)

12 SP3-BCL (Suse Linux Enterprise Server)

12 SP5 (Suse Linux Enterprise Server)

12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications)

12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications)

12 SP5 (SUSE Linux Enterprise Server for SAP Applications)

12 SP5 (SUSE Linux Enterprise Software Development Kit)

8 (SUSE OpenStack Cloud Crowbar)

15 SP1 (SUSE Linux Enterprise Module for Public Cloud)

12 SP3-ESPOS (Suse Linux Enterprise Server)

12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications)

9 (SUSE OpenStack Cloud)

9 (SUSE OpenStack Cloud Crowbar)

12 SP5 (SUSE Linux Enterprise High Availability)

15 SP1 (SUSE Linux Enterprise Module for Realtime packages)

12 SP5 (SUSE Linux Enterprise Workstation Extension)

12 SP5 (SUSE Linux Enterprise Live Patching)

15-ESPOS (SUSE Linux Enterprise High Performance Computing)

15-LTSS (SUSE Linux Enterprise High Performance Computing)

15-LTSS (Suse Linux Enterprise Server)

15 SP2 (SUSE Linux Enterprise Module for Basesystem)

15 SP2 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)

15 SP2 (SUSE Linux Enterprise Workstation Extension)

15.2 (OpenSUSE Leap)

15 SP2 (SUSE Linux Enterprise Module for Development Tools)

12 SP4 LTSS (Suse Linux Enterprise Server)

12 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)

12 SP4-ESPOS (SUSE Linux Enterprise Server for SAP Applications)

15 SP2 (SUSE Linux Enterprise High Availability)

15 SP2 (SUSE Linux Enterprise Module for Legacy Software)

15 SP2 (SUSE Linux Enterprise Module for Live Patching)

15 SP2 (SUSE Linux Enterprise Module for Public Cloud)

Тип ПО

Операционная система

Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

Google Inc Android -

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4

Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL

Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS

Novell Inc. OpenSUSE Leap 15.1

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15

Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL

Novell Inc. Suse Linux Enterprise Server 12 SP5

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-BCL

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5

Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-ESPOS

Novell Inc. Suse Linux Enterprise Server 15-LTSS

Novell Inc. OpenSUSE Leap 15.2

Novell Inc. Suse Linux Enterprise Server 12 SP4 LTSS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-LTSS

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-ESPOS

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,2)

Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:

Для Android:

https://source.android.com/security/bulletin/pixel/2020-09-01

Для программных продуктов Novell Inc.:

https://www.suse.com/security/cve/CVE-2020-0432/

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0432
CVE

EPSS

Процентиль: 8%

0.00033

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Связанные уязвимости

CVE-2020-0432

CVSS3: 7.8

ubuntu

почти 5 лет назад

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807

CVE-2020-0432

CVSS3: 7.8

redhat

почти 5 лет назад

CVE-2020-0432

CVSS3: 7.8

nvd

почти 5 лет назад

CVE-2020-0432

CVSS3: 7.8

debian

почти 5 лет назад

In skb_to_mamac of networking.c, there is a possible out of bounds wri ...

GHSA-24q8-rjjm-c7vv

CVSS3: 7.8

github

около 3 лет назад

EPSS

Процентиль: 8%

0.00033

Низкий

7.8 High

CVSS3

7.2 High

CVSS2