Vulnerability Details : CVE-2020-25645
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Exploit prediction scoring system (EPSS) score for CVE-2020-25645
Probability of exploitation activity in the next 30 days: 0.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-25645
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
[email protected] |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
[email protected] |
CWE ids for CVE-2020-25645
-
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Assigned by:
- [email protected] (Secondary)
- [email protected] (Primary)
References for CVE-2020-25645
-
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
Mailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Third Party Advisory;VDB Entry
-
https://www.debian.org/security/2020/dsa-4774
Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20201103-0004/
Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1883988
Exploit;Issue Tracking;Patch;Vendor Advisory
Products affected by CVE-2020-25645
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*