CVE-2020-25221

HIGH

Linux Kernel < 5.8.7 - Privilege Escalation

Title source: rule

Description

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.

Exploits (1)

github 34 stars

by DarkFunct · cpoc

https://github.com/DarkFunct/CVE_Exploits/tree/main/CVE-2020-25221

References (6)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2020/09/10/4

[Release Notes, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7

[Issue Tracking, Patch, Vendor Advisory] https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a

[Issue Tracking, Patch, Vendor Advisory] https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20201001-0003/

[Mailing List, Patch, Third Party Advisory] https://www.openwall.com/lists/oss-security/2020/09/08/4

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-672

Status published

Affected Products (6)

linux/linux_kernel < 5.8.7

netapp/cloud_backup

netapp/solidfire\,_enterprise_sds_\&_hci_storage_node

netapp/solidfire_\&_hci_management_node

netapp/hci_compute_node

netapp/solidfire_baseboard_management_controller

Timeline

Published Sep 10, 2020

Tracked Since Feb 18, 2026