CVE-2020-26541

Tom_Wang · ‎10-11-2020

Hello,

I recently passed the CISSP and became the member of ISC2.

I looked the web site vulnerability.isc2.org and found out that one of the Linux Kernel vulnerability CVE-2020-26541 said:

The Linux kernel through 5.8.13 does not properly enforce the.....

My question is, the word "through" means this vulnerability only exists in Linux kernel version 5.8.13, or several other versions are also affected?

Sorry if this question looks more like a English rather than Security question from a non-native English speaker.

Thanks in advance.

denbesten · ‎10-12-2020

@Tom_Wang wrote:

The Linux kernel through 5.8.13 does not properly enforce the.....

My question is, the word "through" means this vulnerability only exists in Linux kernel version 5.8.13, or several other versions are also affected?

I would read that as "kernel versions 5.8.13 and earlier do not properly enforce..". The more common phasing would be, "fixed in 5.8.14".

ericgeater · ‎10-12-2020

Congrats on the pass. How on earth was I not culturally aware of vulnerability.isc2.org?! Thanks for talking about it in the group.

-----------
A claim is as good as its veracity.

isc220 · ‎10-12-2020

I interpret the statement

...Linux kernel through 5.8.13... to mean "up to and including 5.8.13.

Stated another way: this CVE-2020-26541 applies to all previous Linux kernel versions and includes version 5.8.13, but not versions higher than 5.8.13.

Hope that helps 🙂