Bug 1877575 (CVE-2020-25212)
| Summary: | CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, bcodding, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, dwysocha, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, ptalbert, qzhao, rt-maint, rvrbovsk, steved, williams, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-19 20:21:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1877576, 1880890, 1880891, 1880892, 1880893, 1880894, 1916422, 1916423, 1916424, 1916716, 1916717, 1916718 | ||
| Bug Blocks: | 1877577 | ||
|
Description
Pedro Sampaio
2020-09-09 20:57:14 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1877576] This was fixed for Fedora with the 5.8 stable rebases. Mitigation: While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25212 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5437 https://access.redhat.com/errata/RHSA-2020:5437 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5441 https://access.redhat.com/errata/RHSA-2020:5441 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:0526 https://access.redhat.com/errata/RHSA-2021:0526 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:0760 https://access.redhat.com/errata/RHSA-2021:0760 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0878 https://access.redhat.com/errata/RHSA-2021:0878 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739 |