CVE-2020-25211

medium

Description

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6

https://twitter.com/grsecurity/status/1303646421158109185

https://lists.fedoraproject.org/archives/list/[email protected]/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/

https://lists.fedoraproject.org/archives/list/[email protected]/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/

https://security.netapp.com/advisory/ntap-20201009-0001/

https://www.debian.org/security/2020/dsa-4774

https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Details

Source: MITRE

Published: 2020-09-09

Updated: 2022-11-16

Type: CWE-120

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 6

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 0.8

Severity: MEDIUM