CVE-2020-25643

Published: 06/10/2020 Updated: 16/05/2023
CVSS v2 Base Score: 7.5 | Impact Score: 8.5 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 668
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:C

Vulnerability Summary

A flaw was found in the HDLC_PPP module of the Linux kernel in versions prior to 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Product

linux linux kernel 5.9.0

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 8.0

opensuse leap 15.1

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.2

netapp h410c_firmware -

starwindsoftware starwind virtual san v8

Vendor Advisories

Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. CVE-2020-12351: Andy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are handled. A remote attacker in short dist ...

A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390) A flaw was found in the capabilities check of the rados block device functionality in the Linux ...

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448) ...