CVE-2020-25221
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-25221
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-25221.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 5.8.7-1 |
| debian | bullseye | fixed | 5.8.7-1 |
| debian | forky | fixed | 5.8.7-1 |
| debian | sid | fixed | 5.8.7-1 |
| debian | trixie | fixed | 5.8.7-1 |
References
Verify integrity in audit chain (admin only). AS-IS.