Lucene search

[email protected]NVD:CVE-2020-25704

HistoryDec 02, 2020 - 1:15 a.m.

CVE-2020-25704

2020-12-0201:15:12

CWE-401

[email protected]

web.nvd.nist.gov

cve-2020-25704

memory leak

linux kernel

performance monitoring

denial of service

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤5.9

linuxlinux_kernelMatch5.10rc1

linuxlinux_kernelMatch5.10rc2

Node

debiandebian_linuxMatch9.0

Node

starwindsoftwarecommand_centerMatch-

starwindsoftwarestarwind_hyperconverged_applianceMatch-

starwindsoftwarestarwind_san_\&_nasMatchv8r12

starwindsoftwarestarwind_virtual_sanMatchv8build14398

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.10cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*
linuxlinux_kernel5.10cpe:2.3:o:linux:linux_kernel:5.10:rc2:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
starwindsoftwarecommand_center-cpe:2.3:a:starwindsoftware:command_center:-:*:*:*:*:*:*:*
starwindsoftwarestarwind_hyperconverged_appliance-cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*
starwindsoftwarestarwind_san_\&_nasv8r12cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:*:*:*:*:*:*:*
starwindsoftwarestarwind_virtual_sanv8cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.10	cpe:2.3:o:linux:linux_kernel:5.10:rc1::::::
linux	linux_kernel	5.10	cpe:2.3:o:linux:linux_kernel:5.10:rc2::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
starwindsoftware	command_center	-	cpe:2.3:a:starwindsoftware:command_center:-:::::::*
starwindsoftware	starwind_hyperconverged_appliance	-	cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:::::::*
starwindsoftware	starwind_san_\&_nas	v8r12	cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:::::::*
starwindsoftware	starwind_virtual_san	v8	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398::::::