CVE-2020-25212
First published: Wed Sep 09 2020(Updated: )
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.11.1.rt56.1145.el7 | 0:3.10.0-1160.11.1.rt56.1145.el7 |
| redhat/kernel-alt | <0:4.14.0-115.32.1.el7a | 0:4.14.0-115.32.1.el7a |
| redhat/kernel | <0:3.10.0-1160.11.1.el7 | 0:3.10.0-1160.11.1.el7 |
| redhat/kernel | <0:3.10.0-693.82.1.el7 | 0:3.10.0-693.82.1.el7 |
| redhat/kernel | <0:3.10.0-957.70.1.el7 | 0:3.10.0-957.70.1.el7 |
| redhat/kernel | <0:3.10.0-1062.45.1.el7 | 0:3.10.0-1062.45.1.el7 |
| redhat/kernel-rt | <0:4.18.0-305.rt7.72.el8 | 0:4.18.0-305.rt7.72.el8 |
| redhat/kernel | <0:4.18.0-305.el8 | 0:4.18.0-305.el8 |
| Linux Kernel | <5.8.3 | |
| Debian Debian Linux | =9.0 | |
| openSUSE | =15.1 | |
| openSUSE | =15.2 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =20.04 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Remedy
While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-25212 https://nvd.nist.gov/vuln/detail/CVE-2020-25212
- https://bugzilla.redhat.com/show_bug.cgi?id=1877575
- https://access.redhat.com/errata/RHSA-2020:5441
- https://access.redhat.com/errata/RHSA-2020:4279
- https://access.redhat.com/errata/RHSA-2020:5437
- https://access.redhat.com/errata/RHSA-2021:0760
- https://access.redhat.com/errata/RHSA-2021:0878
- https://access.redhat.com/errata/RHSA-2021:0526
- https://access.redhat.com/errata/RHSA-2021:1739
- https://access.redhat.com/errata/RHSA-2021:1578
- https://access.redhat.com/security/cve/cve-2020-25212
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://twitter.com/grsecurity/status/1303370421958578179
- https://usn.ubuntu.com/4525-1/
- https://usn.ubuntu.com/4527-1/
- https://usn.ubuntu.com/4578-1/
- https://launchpad.net/bugs/cve/CVE-2020-25212
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1877576
- https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
- https://security-tracker.debian.org/tracker/CVE-2020-25212
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212
- https://nvd.nist.gov/vuln/detail/CVE-2020-25212
- https://ubuntu.com/security/CVE-2020-25212
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25212
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- version/opensuse/15.2
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/20.04
- package-manager/debian