Vulnerability Details : CVE-2020-25220

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.

Vulnerability category: Memory Corruption

Published 2020-09-10 02:15:12

Updated 2021-01-20 14:25:47

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-25220

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 12 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-25220

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-25220

CWE-416 Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-25220

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

[SECURITY] [DLA 2420-2] linux regression update
Mailing List;Third Party Advisory

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=82fd2138a5ffd7e0d4320cdb669e115ee976a26e

kernel/git/stable/linux.git - Linux kernel stable tree
Issue Tracking;Patch;Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.233

Release Notes;Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1868453

1868453 – (CVE-2020-14356) CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component
Issue Tracking;Patch;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

[SECURITY] [DLA 2420-1] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.194

Release Notes;Vendor Advisory
https://www.spinics.net/lists/stable/msg405099.html

[PATCH stable-4.9] cgroup: add missing skcd->no_refcnt check in cgroup_sk_alloc() — Linux Stable Kernel Updates
Mailing List;Patch;Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140

Release Notes;Vendor Advisory
https://security.netapp.com/advisory/ntap-20201001-0004/

CVE-2020-25220 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory

Products affected by CVE-2020-25220

Linux » Linux Kernel
Versions from including (>=) 4.19 and before (<) 4.19.140
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.9.0 and before (<) 4.9.233
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.14 and before (<) 4.14.194
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions