CVE-2020-25285

MEDIUM

Description

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://security.netapp.com/advisory/ntap-20201009-0002/

https://twitter.com/grsecurity/status/1303749848898904067

https://usn.ubuntu.com/4576-1/

https://usn.ubuntu.com/4579-1/

Details

Source: MITRE

Published: 2020-09-13

Updated: 2020-11-02

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 6.4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.5

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
147690	EulerOS : kernel (EulerOS-SA-2021-1642)	Nessus	Huawei Local Security Checks	high
147512	EulerOS : kernel (EulerOS-SA-2021-1604)	Nessus	Huawei Local Security Checks	high
146511	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)	Nessus	SuSE Local Security Checks	high
146476	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)	Nessus	SuSE Local Security Checks	high
146282	openSUSE Security Update : RT kernel (openSUSE-2021-242)	Nessus	SuSE Local Security Checks	high
145201	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)	Nessus	Huawei Local Security Checks	high
144731	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)	Nessus	Huawei Local Security Checks	high
144244	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)	Nessus	Huawei Local Security Checks	high
143875	SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)	Nessus	SuSE Local Security Checks	high
143858	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3326-1)	Nessus	SuSE Local Security Checks	medium
143857	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)	Nessus	SuSE Local Security Checks	high
143809	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3272-1)	Nessus	SuSE Local Security Checks	medium
143802	SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3513-1)	Nessus	SuSE Local Security Checks	high
143780	SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3522-1)	Nessus	SuSE Local Security Checks	high
143773	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3281-1)	Nessus	SuSE Local Security Checks	medium
143621	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3122-1)	Nessus	SuSE Local Security Checks	medium
143445	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)	Nessus	Ubuntu Local Security Checks	high
143398	openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112)	Nessus	SuSE Local Security Checks	high
142945	openSUSE Security Update : the Linux Kernel (openSUSE-2020-1906)	Nessus	SuSE Local Security Checks	high
142921	openSUSE Security Update : the Linux Kernel (openSUSE-2020-1901)	Nessus	SuSE Local Security Checks	high
142240	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)	Nessus	Huawei Local Security Checks	high
142176	Debian DLA-2420-2 : linux regression update	Nessus	Debian Local Security Checks	high
142148	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)	Nessus	Huawei Local Security Checks	high
141961	Amazon Linux AMI : kernel (ALAS-2020-1437)	Nessus	Amazon Linux Local Security Checks	high
141789	Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)	Nessus	Slackware Local Security Checks	high
141451	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1)	Nessus	Ubuntu Local Security Checks	medium
141447	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4579-1)	Nessus	Ubuntu Local Security Checks	medium
141445	Photon OS 2.0: Linux PHSA-2020-2.0-0288	Nessus	PhotonOS Local Security Checks	high
141439	Photon OS 1.0: Linux PHSA-2020-1.0-0330	Nessus	PhotonOS Local Security Checks	medium
141396	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)	Nessus	Oracle Linux Local Security Checks	high
141395	Oracle Linux 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)	Nessus	Oracle Linux Local Security Checks	high
141374	OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)	Nessus	OracleVM Local Security Checks	critical
141367	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5879)	Nessus	Oracle Linux Local Security Checks	medium
141365	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5881)	Nessus	Oracle Linux Local Security Checks	medium
141332	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)	Nessus	Huawei Local Security Checks	high
141329	EulerOS : kernel (EulerOS-SA-2020-2176)	Nessus	Huawei Local Security Checks	high
141207	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)	Nessus	Oracle Linux Local Security Checks	critical
141106	Amazon Linux 2 : kernel (ALAS-2020-1495)	Nessus	Amazon Linux Local Security Checks	high
140933	Debian DLA-2385-1 : linux-4.19 security update	Nessus	Debian Local Security Checks	high

CVE-2020-25285

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

medium

high

medium

high

high

medium

medium

high

high

high

high

high

high

high

high

high

medium

medium

high

medium

high

high

critical

medium

medium

high

high

critical

high

high