CVE-2020-25643

CWE-20 — Improper Input Validation12 documents9 sources

Severity

7.2HIGH

EPSS

0.4%

top 38.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Debian Linux Opensuse Leap +2 more

Timeline

PublishedOct 6

Latest updateMay 24

Description

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel2.6.29 — 4.4.238+6

▶Debianlinux< 5.8.14-1+3

▶CVEListV5kernelLinux kernel versions before 5.9-rc7

▶NVDopensuse/leap15.1, 15.2+1

▶NVDstarwindsoftware/starwind_virtual_sanv8

Also affects: Debian Linux 10.0, 9.0, Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-vhhq-pmj4-x7gm: A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5↗2022-05-24

▶

CVEList

CVE-2020-25643: A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5↗2020-10-06

▶

OSV

CVE-2020-25643: A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5↗2020-10-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2020-12-03

▶

Ubuntu

Linux kernel vulnerabilities↗2020-12-03

▶

Ubuntu

Linux kernel vulnerabilities↗2020-12-02

▶

Microsoft

▶

💬Community

Bugzilla

CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow↗2020-09-17

▶