CVE-2020-25645

Published: 10/13/2020 Last updated: 8/4/2024 Reserved: 9/16/2020

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
kernel	n/a	<= 2.0.6

References (16)

https://bugzilla.redhat.com/show_bug.cgi?id=1883988
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
https://www.debian.org/security/2020/dsa-4774
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
https://security.netapp.com/advisory/ntap-20201103-0004/
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=1883988
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
https://www.debian.org/security/2020/dsa-4774
https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
https://security.netapp.com/advisory/ntap-20201103-0004/
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html