CVE-2020-25643

HIGH

Description

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html

https://bugzilla.redhat.com/show_bug.cgi?id=1879981

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105

https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://security.netapp.com/advisory/ntap-20201103-0002/

https://www.debian.org/security/2020/dsa-4774

Details

Source: MITRE

Published: 2020-10-06

Updated: 2020-11-03

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:C

Impact Score: 8.5

Exploitability Score: 6.8

Severity: HIGH

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
150536 | SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1) | Nessus | SuSE Local Security Checks | high
149914 | Oracle Linux 8 : kernel (ELSA-2021-1578) | Nessus | Oracle Linux Local Security Checks | high
149874 | CentOS 8 : kernel (CESA-2021:1578) | Nessus | CentOS Local Security Checks | high
149670 | RHEL 8 : kernel (RHSA-2021:1578) | Nessus | Red Hat Local Security Checks | high
149660 | RHEL 8 : kernel-rt (RHSA-2021:1739) | Nessus | Red Hat Local Security Checks | high
147982 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1) | Nessus | Ubuntu Local Security Checks | high
147690 | EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642) | Nessus | Huawei Local Security Checks | high
147559 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-1454) | Nessus | Huawei Local Security Checks | high
147512 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604) | Nessus | Huawei Local Security Checks | high
147394 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0030) | Nessus | NewStart CGSL Local Security Checks | high
146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high
146181 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200) | Nessus | Huawei Local Security Checks | high
145201 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079) | Nessus | Huawei Local Security Checks | high
144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical
144731 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039) | Nessus | Huawei Local Security Checks | high
144549 | CentOS 7 : kernel (CESA-2020:5437) | Nessus | CentOS Local Security Checks | high
144404 | RHEL 7 : kernel (RHSA-2020:5437) | Nessus | Red Hat Local Security Checks | high
144402 | RHEL 7 : kernel-rt (RHSA-2020:5441) | Nessus | Red Hat Local Security Checks | high
144333 | Oracle Linux 7 : kernel (ELSA-2020-5437) | Nessus | Oracle Linux Local Security Checks | high
144295 | Scientific Linux Security Update : kernel on SL7.x x86_64 (2020:5437) | Nessus | Scientific Linux Local Security Checks | high
143875 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1) | Nessus | SuSE Local Security Checks | high
143857 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1) | Nessus | SuSE Local Security Checks | high
143845 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2980-1) | Nessus | SuSE Local Security Checks | high
143801 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1) | Nessus | SuSE Local Security Checks | high
143784 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1) | Nessus | SuSE Local Security Checks | high
143708 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1) | Nessus | SuSE Local Security Checks | high
143699 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2907-1) | Nessus | SuSE Local Security Checks | high
143694 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3230-1) | Nessus | SuSE Local Security Checks | high
143654 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3501-1) | Nessus | SuSE Local Security Checks | high
143639 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1) | Nessus | SuSE Local Security Checks | high
143445 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1) | Nessus | Ubuntu Local Security Checks | high
143433 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1) | Nessus | Ubuntu Local Security Checks | high
143431 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1) | Nessus | Ubuntu Local Security Checks | high
143398 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112) | Nessus | SuSE Local Security Checks | high
142943 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0051) | Nessus | OracleVM Local Security Checks | high
142483 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5912) | Nessus | Oracle Linux Local Security Checks | high
142331 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2411) | Nessus | Huawei Local Security Checks | high
142260 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2429) | Nessus | Huawei Local Security Checks | high
142240 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353) | Nessus | Huawei Local Security Checks | high
142176 | Debian DLA-2420-2 : linux regression update | Nessus | Debian Local Security Checks | high
142148 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311) | Nessus | Huawei Local Security Checks | high
142052 | Debian DLA-2417-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high
141973 | Amazon Linux 2 : kernel (ALAS-2020-1520) | Nessus | Amazon Linux Local Security Checks | high
141961 | Amazon Linux AMI : kernel (ALAS-2020-1437) | Nessus | Amazon Linux Local Security Checks | high
141789 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01) | Nessus | Slackware Local Security Checks | high
141559 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698) | Nessus | SuSE Local Security Checks | high
141552 | Debian DSA-4774-1 : linux - security update | Nessus | Debian Local Security Checks | high
141388 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655) | Nessus | SuSE Local Security Checks | high