mend-bolt-for-github[bot]
commented
1 year ago :information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2020-25211 - Medium Severity Vulnerability
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 03cb3c6f0e0b62b5cbcd747df63781fbb2a6ef66
Found in base branch: master
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. Mend Note: After conducting further research, Mend has determined that CVE-2020-25211 only affects environments with versions v2.6.11-tree--v4.4.238, v4.5-rc1--v4.9.238, v4.10-rc1--v4.14.200, v4.15-rc1--v4.19.149, v5.0-rc1--v5.4.69, v5.5-rc1--v5.8.12 and v5.9-rc1--v5.9-rc6 of Linux Kernel.
Publish Date: 2020-09-09
URL: CVE-2020-25211
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: High - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2020-09-09
Fix Resolution: v4.4.239,v4.9.239,v4.14.201,v4.19.150,v5.4.70,v5.8.13,v5.9-rc7
Step up your Open Source Security Game with Mend here