CVE-2020-25221
First published: Thu Sep 10 2020(Updated: )
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=5.7.0<5.8.7 | |
| Netapp Cloud Backup | ||
| IBM Cloud Pak for Business Automation | ||
| Netapp Solidfire \& Hci Management Node | ||
| Netapp Hci Compute Node | ||
| Netapp Solidfire Baseboard Management Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/09/10/4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
- https://security.netapp.com/advisory/ntap-20201001-0003/
- https://www.openwall.com/lists/oss-security/2020/09/08/4
Frequently Asked Questions
What is CVE-2020-25221?
CVE-2020-25221 is a vulnerability in the Linux kernel that allows privilege escalation due to incorrect reference counting of the struct page that backs the vsyscall page.
How does CVE-2020-25221 affect Linux kernel?
CVE-2020-25221 affects Linux kernel versions 5.7.x and 5.8.x before 5.8.7.
What is the severity of CVE-2020-25221?
CVE-2020-25221 has a severity rating of 7.8 (high).
Which software is affected by CVE-2020-25221?
CVE-2020-25221 affects Linux kernel and Netapp Cloud Backup, Netapp Solidfire, Netapp HCI Storage Node, Netapp HCI Management Node, Netapp HCI Compute Node, and Netapp Solidfire Baseboard Management Controller.
How can I fix CVE-2020-25221?
To fix CVE-2020-25221, upgrade to Linux kernel version 5.8.7 or later.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.7.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire\, enterprise sds \& hci storage node
- canonical/netapp solidfire \& hci management node
- canonical/netapp hci compute node
- canonical/netapp solidfire baseboard management controller