CVE-2020-25643

HIGH

Linux Kernel < 5.9-rc7 - Memory Corruption and Denial of Service in HDLC_PPP Module

Title source: llm

Description

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Scores

CVSS v3 7.2
EPSS 0.0026
EPSS Percentile 49.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (10)
debian/debian_linux 9.0
debian/debian_linux 10.0
linux/linux_kernel 5.9.0 rc1 (6 CPE variants)
linux/linux_kernel 2.6.29 - 4.4.238
netapp/h410c_firmware
opensuse/leap 15.1
opensuse/leap 15.2
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
starwindsoftware/starwind_virtual_san v8 build12533 (6 CPE variants)
Published Oct 06, 2020
Tracked Since Feb 18, 2026