CVE-2020-25645Cleartext Transmission of Sensitive Info in Kernel

CWE-319Cleartext Transmission of Sensitive Info14 documents9 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedOct 13
Latest updateMay 24

Description

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel< 5.9.0+1
Debianlinux/linux_kernel< 5.8.14-1+3
CVEListV5linux/linux_kernelLinux kernel versions before 5.9-rc7
NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-gpwj-xrhp-6hpw: A flaw was found in the Linux kernel in versions before 52022-05-24
OSV
CVE-2020-25645: A flaw was found in the Linux kernel in versions before 52020-10-13
CVEList
CVE-2020-25645: A flaw was found in the Linux kernel in versions before 52020-10-13

📋Vendor Advisories

8
Ubuntu
Linux kernel (OEM) vulnerabilities2021-04-13
Ubuntu
Kernel Live Patch Security Notice2021-01-26
Ubuntu
Linux kernel vulnerabilities2020-12-03
Ubuntu
Linux kernel vulnerabilities2020-12-03
Ubuntu
Linux kernel vulnerabilities2020-12-02

💬Community

2
Bugzilla
CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints [fedora-all]2020-10-08
Bugzilla
CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints2020-09-30
CVE-2020-25645 — Linux Kernel vulnerability | cvebase