PT-2020-5048 · Linux+7 · Linux Kernel+7

Grsecurity

·

Published

2020-09-05

·

Updated

2022-04-28

·

CVE-2020-25285

CVSS v2.0

6.6

Medium

VectorAV:L/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.8.8
Description The issue is related to a race condition between hugetlb sysctl handlers in the Linux kernel, which can be exploited by local attackers to corrupt memory, cause a NULL pointer dereference, or have unspecified other impact. This is due to errors in synchronization when using a shared resource.
Recommendations For Linux kernel versions prior to 5.8.8, update to version 5.8.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the hugetlb sysctl handlers to minimize the risk of exploitation.

Fix

Race Condition

NULL Pointer Dereference

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-476CWE-787

Related Identifiers

ALSA-2021:1578
ALT-PU-2020-2757
ALT-PU-2020-2770
ALT-PU-2020-3210
ALT-PU-2020-3553
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-05635
CESA-2021_1578
CESA-2021_1739
CVE-2020-25285
DLA-2385-1
DLA-2420-1
DLA-2420-2
MGASA-2020-0392
OPENSUSE-SU-2020:1906-1
OPENSUSE-SU-2020:2112-1
OPENSUSE-SU-2020_1906-1
OPENSUSE-SU-2020_2112-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2021:1578
RHSA-2021:1739
RHSA-2021_1578
RHSA-2021_1739
SUSE-SU-2020:3122-1
SUSE-SU-2020:3272-1
SUSE-SU-2020:3281-1
SUSE-SU-2020:3326-1
SUSE-SU-2020:3484-1
SUSE-SU-2020:3491-1
SUSE-SU-2020:3512-1
SUSE-SU-2020:3513-1
SUSE-SU-2020:3522-1
SUSE-SU-2020:3532-1
SUSE-SU-2020:3544-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:0452-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_14630-1
USN-4576-1
USN-4579-1
USN-4660-1
USN-4660-2
USN-4912-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu