CVE-2020-25221
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
La función get_gate_page en el archivo mm/gup.c en el kernel de Linux versiones 5.7.x y versiones 5.8.x anteriores a 5.8.7, permite una escalada de privilegios debido al conteo de referencias incorrecto (causado por el manejo inapropiado de una página de puerta) de la página de estructura que respalda la página vsyscall. El resultado es un subdesbordamiento del conteo. Esto puede ser desencadenado por cualquier proceso de 64 bits que pueda usar las funciones ptrace() o process_vm_readv(), también se conoce como CID-9fa2dd946743
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-10 CVE Reserved
- 2020-09-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-672: Operation on a Resource after Expiration or Release
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/09/10/4 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20201001-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 | 2023-02-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7.0 < 5.8.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7.0 < 5.8.7" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire\, Enterprise Sds \& Hci Storage Node Search vendor "Netapp" for product "Solidfire\, Enterprise Sds \& Hci Storage Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Search vendor "Netapp" for product "Solidfire Baseboard Management Controller" | - | - |
Affected
| ||||||