Lucene search

K

Veracode Vulnerability DatabaseVERACODE:28081

HistoryDec 06, 2020 - 2:23 a.m.

Denial Of Service (DoS)

2020-12-0602:23:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

27

denial of service

linux kernel

vulnerability

local buffer overflow

conntrack netlink configuration

crash

EPSS

0

Percentile

5.1%

Linux kernel is vulnerable to denial of service. Local attackers are able to inject conntrack netlink configuration to overflow a local buffer and cause a crash in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c.

References

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6

git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-25211

lists.debian.org/debian-lts-announce/2020/10/msg00028.html

lists.debian.org/debian-lts-announce/2020/10/msg00032.html

lists.debian.org/debian-lts-announce/2020/10/msg00034.html

lists.fedoraproject.org/archives/list/[email protected]/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/

lists.fedoraproject.org/archives/list/[email protected]/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/

security.netapp.com/advisory/ntap-20201009-0001/

twitter.com/grsecurity/status/1303646421158109185

www.debian.org/security/2020/dsa-4774

EPSS

0

Percentile

5.1%

Related for VERACODE:28081