CVE-2020-25285

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://security.netapp.com/advisory/ntap-20201009-0002/

https://twitter.com/grsecurity/status/1303749848898904067

https://usn.ubuntu.com/4576-1/

https://usn.ubuntu.com/4579-1/

Details

Source: MITRE

Published: 2020-09-13

Updated: 2020-11-02

Type: CWE-362

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.5

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (45 total)

IDNameProductFamilySeverity
150536SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)NessusSuSE Local Security Checks
high
149914Oracle Linux 8 : kernel (ELSA-2021-1578)NessusOracle Linux Local Security Checks
high
149874CentOS 8 : kernel (CESA-2021:1578)NessusCentOS Local Security Checks
high
149670RHEL 8 : kernel (RHSA-2021:1578)NessusRed Hat Local Security Checks
high
149660RHEL 8 : kernel-rt (RHSA-2021:1739)NessusRed Hat Local Security Checks
high
148494Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)NessusUbuntu Local Security Checks
high
147690EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)NessusHuawei Local Security Checks
high
147512EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
146511SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)NessusSuSE Local Security Checks
high
146476SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)NessusSuSE Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
145201EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)NessusHuawei Local Security Checks
high
144731EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)NessusHuawei Local Security Checks
high
144244EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)NessusHuawei Local Security Checks
high
143875SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)NessusSuSE Local Security Checks
high
143858SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3326-1)NessusSuSE Local Security Checks
high
143857SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)NessusSuSE Local Security Checks
high
143809SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3272-1)NessusSuSE Local Security Checks
high
143802SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3513-1)NessusSuSE Local Security Checks
high
143780SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3522-1)NessusSuSE Local Security Checks
high
143773SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3281-1)NessusSuSE Local Security Checks
high
143621SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3122-1)NessusSuSE Local Security Checks
high
143445Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)NessusUbuntu Local Security Checks
high
143398openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112)NessusSuSE Local Security Checks
high
142945openSUSE Security Update : the Linux Kernel (openSUSE-2020-1906)NessusSuSE Local Security Checks
high
142921openSUSE Security Update : the Linux Kernel (openSUSE-2020-1901)NessusSuSE Local Security Checks
high
142240EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)NessusHuawei Local Security Checks
high
142176Debian DLA-2420-2 : linux regression updateNessusDebian Local Security Checks
high
142148EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)NessusHuawei Local Security Checks
high
141961Amazon Linux AMI : kernel (ALAS-2020-1437)NessusAmazon Linux Local Security Checks
high
141789Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)NessusSlackware Local Security Checks
high
141451Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1)NessusUbuntu Local Security Checks
high
141447Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4579-1)NessusUbuntu Local Security Checks
high
141445Photon OS 2.0: Linux PHSA-2020-2.0-0288NessusPhotonOS Local Security Checks
high
141439Photon OS 1.0: Linux PHSA-2020-1.0-0330NessusPhotonOS Local Security Checks
medium
141396Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)NessusOracle Linux Local Security Checks
high
141395Oracle Linux 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)NessusOracle Linux Local Security Checks
high
141374OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)NessusOracleVM Local Security Checks
critical
141367Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5879)NessusOracle Linux Local Security Checks
high
141365Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5881)NessusOracle Linux Local Security Checks
medium
141332EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)NessusHuawei Local Security Checks
high
141329EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)NessusHuawei Local Security Checks
high
141207Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)NessusOracle Linux Local Security Checks
critical
141106Amazon Linux 2 : kernel (ALAS-2020-1495)NessusAmazon Linux Local Security Checks
medium
140933Debian DLA-2385-1 : linux-4.19 security updateNessusDebian Local Security Checks
high