CVE-2020-25285
kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
Una condición de carrera entre los manejadores hugetlb sysctl en el archivo mm/hugetlb.c en el kernel de Linux versiones anteriores a 5.8.8, podría ser usada por atacantes locales para corromper la memoria, causar una desreferencia del puntero NULL o posiblemente tener otro impacto no especificado, también se conoce como CID-17743798d812
A flaw was found in the Linux kernels sysctl handling code for hugepages management. When multiple root level processes would write to modify the /proc/sys/vm/nr_hugepages file it could create a race on internal variables leading to a system crash or memory corruption.
Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-13 CVE Reserved
- 2020-09-13 CVE Published
- 2024-08-04 CVE Updated
- 2025-05-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-476: NULL Pointer Dereference
- CWE-787: Out-of-bounds Write
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | Mailing List |
|
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List |
|
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List |
|
https://security.netapp.com/advisory/ntap-20201009-0002 | Third Party Advisory |
|
https://twitter.com/grsecurity/status/1303749848898904067 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467 | 2022-04-28 |
URL | Date | SRC |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8 | 2022-04-28 | |
https://usn.ubuntu.com/4576-1 | 2022-04-28 | |
https://usn.ubuntu.com/4579-1 | 2022-04-28 | |
https://access.redhat.com/security/cve/CVE-2020-25285 | 2021-05-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1882591 | 2021-05-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.8.8 Search vendor "Linux" for product "Linux Kernel" and version " < 5.8.8" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
|