CVE-2020-25641

MEDIUM

Description

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html

http://www.openwall.com/lists/oss-security/2020/10/06/9

https://bugzilla.redhat.com/show_bug.cgi?id=1881424

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://usn.ubuntu.com/4576-1/

https://www.kernel.org/doc/html/latest/block/biovecs.html

Details

Source: MITRE

Published: 2020-10-06

Updated: 2020-12-04

Type: CWE-835

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147982 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1) | Nessus | Ubuntu Local Security Checks | high |
| 147690 | EulerOS : kernel (EulerOS-SA-2021-1642) | Nessus | Huawei Local Security Checks | high |
| 147512 | EulerOS : kernel (EulerOS-SA-2021-1604) | Nessus | Huawei Local Security Checks | high |
| 146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
| 145806 | CentOS 8 : kernel (CESA-2020:4431) | Nessus | CentOS Local Security Checks | high |
| 144996 | RHEL 8 : kernel-rt (RHSA-2021:0136) | Nessus | Red Hat Local Security Checks | medium |
| 144872 | RHEL 8 : kernel (RHSA-2021:0073) | Nessus | Red Hat Local Security Checks | medium |
| 144731 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039) | Nessus | Huawei Local Security Checks | high |
| 143875 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1) | Nessus | SuSE Local Security Checks | high |
| 143857 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1) | Nessus | SuSE Local Security Checks | high |
| 143845 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2980-1) | Nessus | SuSE Local Security Checks | high |
| 143801 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1) | Nessus | SuSE Local Security Checks | high |
| 143784 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1) | Nessus | SuSE Local Security Checks | high |
| 143708 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1) | Nessus | SuSE Local Security Checks | high |
| 143699 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2907-1) | Nessus | SuSE Local Security Checks | high |
| 143694 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3230-1) | Nessus | SuSE Local Security Checks | high |
| 143639 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1) | Nessus | SuSE Local Security Checks | high |
| 143601 | RHEL 8 : kernel (RHSA-2020:5374) | Nessus | Red Hat Local Security Checks | medium |
| 143445 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1) | Nessus | Ubuntu Local Security Checks | high |
| 143398 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112) | Nessus | SuSE Local Security Checks | high |
| 142710 | RHEL 7 : kernel-alt (RHSA-2020:5079) | Nessus | Red Hat Local Security Checks | medium |
| 142430 | RHEL 8 : kernel (RHSA-2020:4431) | Nessus | Red Hat Local Security Checks | high |
| 142382 | RHEL 8 : kernel-rt (RHSA-2020:4609) | Nessus | Red Hat Local Security Checks | high |
| 142331 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2411) | Nessus | Huawei Local Security Checks | high |
| 142260 | EulerOS : kernel (EulerOS-SA-2020-2429) | Nessus | Huawei Local Security Checks | high |
| 142176 | Debian DLA-2420-2 : linux regression update | Nessus | Debian Local Security Checks | high |
| 142148 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311) | Nessus | Huawei Local Security Checks | high |
| 141961 | Amazon Linux AMI : kernel (ALAS-2020-1437) | Nessus | Amazon Linux Local Security Checks | high |
| 141559 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698) | Nessus | SuSE Local Security Checks | high |
| 141451 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1) | Nessus | Ubuntu Local Security Checks | medium |
| 141388 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655) | Nessus | SuSE Local Security Checks | high |
| 140933 | Debian DLA-2385-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |