Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-25645
HistoryOct 13, 2020 - 12:00 a.m.

CVE-2020-25645

2020-10-1300:00:00
ubuntu.com
ubuntu.com
27

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.008

Percentile

81.7%

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic
between two Geneve endpoints may be unencrypted when IPsec is configured to
encrypt traffic for the specific UDP port used by the GENEVE tunnel
allowing anyone between the two endpoints to read the traffic unencrypted.
The main threat from this vulnerability is to data confidentiality.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-126.129UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-56.62UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-197.229UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1088.93UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1030.31UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1082.86UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1118.132UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1030.31~18.04.1UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1088.93~16.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1032.33UNKNOWN
Rows per page:
1-10 of 421

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.008

Percentile

81.7%