VDB
CVE-2020-25221
CVE-2020-25221
PUBLISHED
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
EPSS 0.19% · 41.1th percentile
Risk Scores
EPSS Score
0.19%
41.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.3.0-19.20~18.04.2, 5.3.0-22.24~18.04.1, 5.3.0-23.25~18.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 0, 4.4.0-1055.59, 4.4.0-1094.99 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 4.18.0-1015.16~18.04.1, 5.0.0-1013.13~18.04.1, * |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1023.24, 4.15.0-1024.25, 4.15.0-1025.26 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 0, 5.0.0-1022.25~18.04.1, 5.0.0-1024.27~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | *, *, * |
| Ubuntu:18.04:LTS | linux-azure | *, 4.15.0-1013.13, * |
| Ubuntu:18.04:LTS | linux-azure-edge | 5.0.0-1012.12~18.04.2, 4.18.0-1008.8~18.04.1, 4.18.0-1007.7~18.04.1 |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | *, *, * |
| Ubuntu:18.04:LTS | linux-aws-5.3 | 5.3.0-1032.34~18.04.2, 5.3.0-1028.30~18.04.1, 5.3.0-1023.25~18.04.1 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1014.16, 0, 5.3.0-1007.8 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1112.124~14.04.1, 4.15.0-1113.126~14.04.1, 4.15.0-1114.127~14.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | *, 0, 4.4.0-13.29~14.04.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-174.225, 3.13.0-181.232, 3.12.0-3.8 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 0, 5.0.0-1007.12~18.04.1, 5.0.0-1009.14~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 5.3.0-1016.17~18.04.1, 0, 5.3.0-1008.9~18.04.1 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.13.0-17.20~16.04.1, 4.13.0-19.22~16.04.1, 4.13.0-21.24~16.04.1 |
Exploit Intelligence
- https://www.openwall.com/lists/oss-security/2020/09/08/4 (circl)
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 (circl)
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a (circl)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 (circl)
- [oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error (circl)
- https://security.netapp.com/advisory/ntap-20201001-0003/ (circl)
Timeline
- Sep 10, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-25221 third-party-advisory
- https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 third-party-advisory
- http://www.openwall.com/lists/oss-security/2020/09/10/4 third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 third-party-advisory
- https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/09/08/4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-25221 third-party-advisory