Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2020-25645

Published: 13/10/2020 Updated: 26/03/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Linux Kernel

Vulnerability Summary

A flaw was found in the Linux kernel in versions prior to 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

linux linux kernel 5.9.0

debian debian linux 9.0

debian debian linux 10.0

netapp solidfire \\& hci management node -

netapp solidfire \\& hci storage node -

opensuse leap 15.1

opensuse leap 15.2

netapp hci_compute_node_bios -

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Debian Security Advisories: DSA-4774-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks CVE-2020-12351 Andy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are handled A remote attacker in short dist ...
Amazon Linux 2: ALAS2-2020-1520
A flaw was found in the Linux kernel When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service Due to the nature of the flaw, privilege escalation cannot be fully ruled out (CVE-2020-14390) A flaw was found in the capabilities check of the rados block device functionality in the Linux ...
Amazon Linux AMI: ALAS-2020-1437
In the Linux kernel 5021 and 5311, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cachec because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448) ...

References

CWE-319https://bugzilla.redhat.com/show_bug.cgi?id=1883988http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.htmlhttps://www.debian.org/security/2020/dsa-4774https://lists.debian.org/debian-lts-announce/2020/10/msg00028.htmlhttps://security.netapp.com/advisory/ntap-20201103-0004/https://lists.debian.org/debian-lts-announce/2020/12/msg00027.htmlhttp://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.htmlhttps://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4774
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook