Main Vulnerability Database SB2020090931

SB2020090931 - Buffer overflow in netfilter in Linux kernel

Published: September 9, 2020 Updated: March 17, 2021

Security Bulletin ID SB2020090931

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2020-25211)

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/
https://security.netapp.com/advisory/ntap-20201009-0001/
https://twitter.com/grsecurity/status/1303646421158109185
https://www.debian.org/security/2020/dsa-4774