Lucene search

[email protected]NVD:CVE-2020-25643

HistoryOct 06, 2020 - 2:15 p.m.

CVE-2020-25643

2020-10-0614:15:12

CWE-20

[email protected]

web.nvd.nist.gov

linux kernel

hdlc_ppp module

memory corruption

read overflow

input validation

denial of service

data confidentiality

data integrity

system availability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.7%

JSON

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

Nvd

Node

linuxlinux_kernelRange2.6.29–4.4.238

linuxlinux_kernelRange4.5–4.9.238

linuxlinux_kernelRange4.10–4.14.200

linuxlinux_kernelRange4.15–4.19.148

linuxlinux_kernelRange4.20–5.4.68

linuxlinux_kernelRange5.5–5.8.12

linuxlinux_kernelMatch5.9.0rc1

linuxlinux_kernelMatch5.9.0rc2

linuxlinux_kernelMatch5.9.0rc3

linuxlinux_kernelMatch5.9.0rc4

linuxlinux_kernelMatch5.9.0rc5

linuxlinux_kernelMatch5.9.0rc6

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

Node

opensuseleapMatch15.1

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

opensuseleapMatch15.2

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

starwindsoftwarestarwind_virtual_sanMatchv8build12533vsphere

starwindsoftwarestarwind_virtual_sanMatchv8build12658vsphere

starwindsoftwarestarwind_virtual_sanMatchv8build12859vsphere

starwindsoftwarestarwind_virtual_sanMatchv8build13170vsphere

starwindsoftwarestarwind_virtual_sanMatchv8build13586vsphere

starwindsoftwarestarwind_virtual_sanMatchv8build13861vsphere

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.9.0	cpe:2.3:o:linux:linux_kernel:5.9.0:rc1::::::
linux	linux_kernel	5.9.0	cpe:2.3:o:linux:linux_kernel:5.9.0:rc2::::::
linux	linux_kernel	5.9.0	cpe:2.3:o:linux:linux_kernel:5.9.0:rc3::::::
linux	linux_kernel	5.9.0	cpe:2.3:o:linux:linux_kernel:5.9.0:rc4::::::
linux	linux_kernel	5.9.0	cpe:2.3:o:linux:linux_kernel:5.9.0:rc5::::::
linux	linux_kernel	5.9.0	cpe:2.3:o:linux:linux_kernel:5.9.0:rc6::::::
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
opensuse	leap	15.1	cpe:2.3:o:opensuse:leap:15.1:::::::*