CVE-2020-11565: 
Linux Kernel vulnerability analysis and mitigation

An issue was discovered in the Linux kernel through 5.6.2 where mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write due to improper handling of empty nodelists during mount option parsing. This vulnerability is disputed as some security researchers argue that since the bug can only be triggered by privileged users specifying mount options, it does not grant additional privileges beyond those already held (NVD).

The vulnerability occurs when parsing the 'mpol' mount option for tmpfs filesystems with an empty nodelist (e.g., 'mpol=prefer:,'). The issue stems from MPOL_PREFERRED requiring a single node number, which is not being provided in this case. The fix involves adding a check to ensure 'nodes' is not empty after parsing for MPOL_PREFERRED's nodeid (Kernel Commit). The vulnerability has been assigned a CVSS v3.1 base score of 6.0 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (NVD).

If user namespaces are enabled, a local attacker with the ability to specify mount options could potentially exploit this vulnerability to cause a denial of service (system crash) or possibly achieve privilege escalation (Ubuntu Security).

The vulnerability has been fixed in multiple Linux distributions through security updates. Ubuntu has released fixes in versions 5.4.0-31.35 for Ubuntu 20.04 LTS, 4.15.0-101.102 for Ubuntu 18.04 LTS, and 4.4.0-179.209 for Ubuntu 16.04 LTS (USN-4363-1). Debian has addressed this in version 4.19.98-1+deb10u1 for Debian 10 Buster (DSA-4667-1).