CVE-2020-25641 — Infinite Loop in Kernel
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 6
Latest updateMay 24
Description
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Enterprise Linux 7.0, 8.0, Debian Linux 9.0, Ubuntu Linux 18.04, 20.04
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8c9g-77vh-m2jv: A flaw was found in the Linux kernel's implementation of biovecs in versions before 5↗2022-05-24
CVEList▶
CVE-2020-25641: A flaw was found in the Linux kernel's implementation of biovecs in versions before 5↗2020-10-06
OSV▶
CVE-2020-25641: A flaw was found in the Linux kernel's implementation of biovecs in versions before 5↗2020-10-06
📋Vendor Advisories
6Microsoft▶
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop↗2020-10-13