CVE-2020-25212
First published: Wed Sep 09 2020(Updated: )
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.11.1.rt56.1145.el7 | 0:3.10.0-1160.11.1.rt56.1145.el7 |
| redhat/kernel-alt | <0:4.14.0-115.32.1.el7a | 0:4.14.0-115.32.1.el7a |
| redhat/kernel | <0:3.10.0-1160.11.1.el7 | 0:3.10.0-1160.11.1.el7 |
| redhat/kernel | <0:3.10.0-693.82.1.el7 | 0:3.10.0-693.82.1.el7 |
| redhat/kernel | <0:3.10.0-957.70.1.el7 | 0:3.10.0-957.70.1.el7 |
| redhat/kernel | <0:3.10.0-1062.45.1.el7 | 0:3.10.0-1062.45.1.el7 |
| redhat/kernel-rt | <0:4.18.0-305.rt7.72.el8 | 0:4.18.0-305.rt7.72.el8 |
| redhat/kernel | <0:4.18.0-305.el8 | 0:4.18.0-305.el8 |
| Linux Kernel | <5.8.3 | |
| Debian | =9.0 | |
| SUSE Linux | =15.1 | |
| SUSE Linux | =15.2 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Remedy
While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-25212 https://nvd.nist.gov/vuln/detail/CVE-2020-25212
- https://bugzilla.redhat.com/show_bug.cgi?id=1877575
- https://access.redhat.com/errata/RHSA-2020:5441
- https://access.redhat.com/errata/RHSA-2020:4279
- https://access.redhat.com/errata/RHSA-2020:5437
- https://access.redhat.com/errata/RHSA-2021:0760
- https://access.redhat.com/errata/RHSA-2021:0878
- https://access.redhat.com/errata/RHSA-2021:0526
- https://access.redhat.com/errata/RHSA-2021:1739
- https://access.redhat.com/errata/RHSA-2021:1578
- https://access.redhat.com/security/cve/cve-2020-25212
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://twitter.com/grsecurity/status/1303370421958578179
- https://usn.ubuntu.com/4525-1/
- https://usn.ubuntu.com/4527-1/
- https://usn.ubuntu.com/4578-1/
- https://launchpad.net/bugs/cve/CVE-2020-25212
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1877576
- https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
- https://security-tracker.debian.org/tracker/CVE-2020-25212
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212
- https://nvd.nist.gov/vuln/detail/CVE-2020-25212
- https://ubuntu.com/security/CVE-2020-25212
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-25212?
CVE-2020-25212 has a high severity rating due to the potential for memory corruption and privilege escalation.
How do I fix CVE-2020-25212?
To fix CVE-2020-25212, update to the latest kernel versions provided in the remediation section for your specific distribution.
Which software is affected by CVE-2020-25212?
CVE-2020-25212 affects various versions of the Linux kernel, particularly those prior to version 5.8.3.
Can CVE-2020-25212 lead to a security risk?
Yes, CVE-2020-25212 can lead to significant security risks including unauthorized privilege escalation.
Is CVE-2020-25212 a remote attack vulnerability?
Yes, CVE-2020-25212 can be exploited by a remote attacker through specially crafted NFS requests.
- collector/redhat-cve
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25212
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- vendor/debian
- canonical/debian
- version/debian/9.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1
- version/suse linux/15.2
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/20.04
- package-manager/debian