In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
Mend Note: After conducting further research, Mend has determined that CVE-2020-25211 only affects environments with versions v2.6.11-tree--v4.4.238, v4.5-rc1--v4.9.238, v4.10-rc1--v4.14.200, v4.15-rc1--v4.19.149, v5.0-rc1--v5.4.69, v5.5-rc1--v5.8.12 and v5.9-rc1--v5.9-rc6 of Linux Kernel.
CVE-2020-25211 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.238
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 05c0743befb9102e2ecb9fbd0fa8eb43eb8bb5ec
Found in base branch: master
Vulnerable Source Files (1)
/net/netfilter/nf_conntrack_netlink.c
Vulnerability Details
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. Mend Note: After conducting further research, Mend has determined that CVE-2020-25211 only affects environments with versions v2.6.11-tree--v4.4.238, v4.5-rc1--v4.9.238, v4.10-rc1--v4.14.200, v4.15-rc1--v4.19.149, v5.0-rc1--v5.4.69, v5.5-rc1--v5.8.12 and v5.9-rc1--v5.9-rc6 of Linux Kernel.
Publish Date: 2020-09-09
URL: CVE-2020-25211
CVSS 3 Score Details (6.0)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: High - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2020-09-09
Fix Resolution: v4.4.239,v4.9.239,v4.14.201,v4.19.150,v5.4.70,v5.8.13,v5.9-rc7
Step up your Open Source Security Game with Mend here