CVE-2020-25645

Опубликовано: 13 окт. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1883988
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201103-0004/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4774
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1883988
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201103-0004/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4774
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.9.0 (исключая)

cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 25%

0.00083

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

CVE-2020-25645

CVSS3: 7.5

ubuntu

почти 5 лет назад

CVE-2020-25645

CVSS3: 7.5

redhat

почти 5 лет назад

CVE-2020-25645

CVSS3: 7.5

msrc

почти 5 лет назад

Описание отсутствует

CVE-2020-25645

CVSS3: 7.5

debian

почти 5 лет назад

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...

SUSE-SU-2020:3433-1

suse-cvrf

почти 5 лет назад

Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3)

EPSS

Процентиль: 25%

0.00083

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319