Vulnerability Details : CVE-2020-25643
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Vulnerability category: Memory CorruptionInput validationDenial of service
Products affected by CVE-2020-25643
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*
Threat overview for CVE-2020-25643
Top countries where our scanners detected CVE-2020-25643
Top open port discovered on systems with this issue
80
IPs affected by CVE-2020-25643 169,000
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-25643!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-25643
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25643
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:M/Au:S/C:P/I:P/A:C |
6.8
|
8.5
|
NIST | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2020-25643
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2020-25643
-
https://bugzilla.redhat.com/show_bug.cgi?id=1879981
1879981 – (CVE-2020-25643) CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflowIssue Tracking;Patch;Third Party Advisory
-
https://www.starwindsoftware.com/security/sw-20210325-0002/
CVE-2020-25643 Linux Kernel vulnerability in StarWind VSAN for vSphere (VSA)Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
[security-announce] openSUSE-SU-2020:1698-1: important: Security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
[SECURITY] [DLA 2420-2] linux regression updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
[SECURITY] [DLA 2417-1] linux-4.19 security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4774
Debian -- Security Information -- DSA-4774-1 linuxThird Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
[SECURITY] [DLA 2420-1] linux security updateMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20201103-0002/
CVE-2020-25643 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to