CVE-2020-25641

Published: 06/10/2020 Updated: 21/11/2022
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A flaw was found in the Linux kernel's implementation of biovecs in versions prior to 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Product

linux linux kernel 5.9.0

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 8.0

opensuse leap 15.1

opensuse leap 15.2

debian debian linux 9.0

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Synopsis: Moderate: kernel security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: kernel security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: kernel-alt security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Synopsis: Moderate: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis: Moderate: OpenShift Container Platform 4.6.12 extras and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has ra ...
Synopsis: Moderate: OpenShift Container Platform 4.6.12 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat ...
Synopsis: Moderate: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS ...
Synopsis: Moderate: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst ...
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448) ...
A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage the lifetime of internal data structures used. An attacker could use this flaw to corrupt memory or escalate privileges (CVE-2019-19448). A use-after-free flaw was found in the debugfs_remove function in the Linux kernel ...

Mailing Lists

oss-sec mailing list archives: Re: CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs ...