CVE-2020-25212
kernel: TOCTOU mismatch in the NFS client code
Severity Score
Exploit Likelihood
Affected Versions
8Public Exploits
0Exploited in Wild
-Decision
Descriptions
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
Una discrepancia de TOCTOU en el código del cliente NFS en el kernel de Linux versiones anteriores a 5.8.3, podría ser usada por atacantes locales para dañar la memoria o posiblemente tener otro impacto no especificado porque una comprobación de tamaño se encuentra en el archivo fs/nfs/nfs4proc.c en lugar de fs/nfs/nfs4xdr.c, también se conoce como CID-b4487b935452.
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-09 CVE Reserved
- 2020-09-09 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
- CWE-787: Out-of-bounds Write
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/0... | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/1... | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/1... | Mailing List |
|
| https://twitter.com/grsecurity/status/1303370421958... | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-... | 2022-04-28 | |
| http://lists.opensuse.org/opensuse-security-announce/2020-... | 2022-04-28 | |
| http://lists.opensuse.org/opensuse-security-announce/2020-... | 2022-04-28 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3 | 2022-04-28 | |
| https://usn.ubuntu.com/4525-1 | 2022-04-28 | |
| https://usn.ubuntu.com/4527-1 | 2022-04-28 | |
| https://usn.ubuntu.com/4578-1 | 2022-04-28 | |
| https://access.redhat.com/security/cve/CVE-2020-25212 | 2021-05-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1877575 | 2021-05-18 |