PT-2020-16020 · Linux+7 · Linux Kernel+7

Will Mcvicker

·

Published

2020-09-09

·

Updated

2022-11-16

·

CVE-2020-25211

CVSS v3.1

6.0

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.8.8
Description The issue allows local attackers to inject conntrack netlink configuration, potentially overflowing a local buffer. This can cause system crashes or result in the use of incorrect protocol numbers in the ctnetlink parse tuple filter function located in net/netfilter/nf conntrack netlink.c.
Recommendations For Linux kernel versions prior to 5.8.8, update to version 5.8.8 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2020-2757
ALT-PU-2020-2770
ALT-PU-2020-3210
ALT-PU-2020-3553
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
CESA-2021_0003
CESA-2021_0004
CESA-2021_0856
CVE-2020-25211
DLA-2417-1
DLA-2420-1
DLA-2420-2
DSA-4774-1
MGASA-2020-0392
OESA-2021-1475
OPENSUSE-SU-2021:0241-1
OPENSUSE-SU-2021_0241-1
RHSA-2021:0003
RHSA-2021:0004
RHSA-2021:0184
RHSA-2021:0189
RHSA-2021:0763
RHSA-2021:0765
RHSA-2021:0774
RHSA-2021:0856
RHSA-2021:0857
RHSA-2021:1531
RHSA-2021:2164
RHSA-2021:2355
RHSA-2021_0003
RHSA-2021_0004
RHSA-2021_0856
RHSA-2021_0857
SUSE-SU-2021:0347-1
SUSE-SU-2021:0353-1
SUSE-SU-2021:0354-1
SUSE-SU-2021:0427-1
SUSE-SU-2021:0434-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:0438-1
SUSE-SU-2021:0452-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_0347-1
SUSE-SU-2021_0353-1
SUSE-SU-2021_0354-1
SUSE-SU-2021_0427-1
SUSE-SU-2021_14630-1
USN-4657-1
USN-4658-1
USN-4658-2
USN-4660-1
USN-4660-2

Affected Products

Alt Linux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu