CVE-2020-25643

Advisory lineage Upstream: 0 Downstream: 32
Modified
Published: 06 Oct 2020, 00:00
Last modified:04 Aug 2024, 15:40

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v2.0 (nvd)
EPSS Score
0.26% LOW
0% probability -0.16%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

06 Oct 2020, 00:00
Published
Vulnerability first disclosed
04 Aug 2024, 15:40
Last Modified
Vulnerability information updated

Description

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS Metrics

  • v3.1HIGHScore: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 7.5AV:N/AC:M/Au:S/C:P/I:P/A:C

EPSS Trends

Current EPSS score: 0.26% Percentile: 50%

Techniques & Countermeasures

  • CWE-20Improper Input Validation

    The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

  • debiandebian_linux

    9.0 | 10.0

  • linuxlinux_kernel

    ≥ 2.6.29, < 4.4.238 | ≥ 4.5, < 4.9.238 | ≥ 4.10, < 4.14.200 | ≥ 4.15, < 4.19.148 | ≥ 4.20, < 5.4.68 | ≥ 5.5, < 5.8.12 | 5.9.0:rc1 | 5.9.0:rc2 | 5.9.0:rc3 | 5.9.0:rc4 | 5.9.0:rc5 | 5.9.0:rc6

  • netapph410c_firmware

    na

  • opensuseleap

    15.1 | 15.2

  • redhatenterprise_linux

    7.0 | 8.0

  • starwindsoftwarestarwind_virtual_san

    v8:build12533 | v8:build12658 | v8:build12859 | v8:build13170 | v8:build13586 | v8:build13861

References (10)