CVE-2020-25643

moderate-risk

Published 2020-10-06

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Do I need to act?

0.41% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (20)

Linux Kernel

Enterprise Linux

Leap

Debian Linux

Leap

H410C Firmware

Starwind Virtual San

Affected Vendors

Debian Redhat Linux Netapp Opensuse Starwindsoftware

References (20)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1879981

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66...

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20201103-0002/

Third Party Advisory https://www.debian.org/security/2020/dsa-4774

Third Party Advisory https://www.starwindsoftware.com/security/sw-20210325-0002/