Bug 1809833 (CVE-2020-1749) - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.
Summary: CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.
Keywords:
Status: NEW
Alias: CVE-2020-1749
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1774440 1774447 1809838 1809840 1809848 1809837 1809839
Blocks: 1784146
Reported: 2020-03-04 01:31 UTC by Wade Mealing
Modified: 2020-03-24 23:08 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route the tunneled data over the encrypted link and instead sends it unencrypted. This would allow anyone between the two endpoints to read the traffic. The main threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed:



Description Wade Mealing 2020-03-04 01:31:16 UTC
A flaw was found in the Linux kernel's implementation of some networking protocols in encrypted IPsec tunnels.

The most common use cases are VXLAN or GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel will not correctly route this tunneled data over the encrypted link but instead will send the data unencrypted.

This could allow this information to be intercepted by a man-in-the-middle (MITM) attack by an attacker with control over viewing contents between the two connection endpoints.

Fixed in:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=6c8991f41546

Introduced in:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5f81bd2e5d80
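
As an added example (not part of this bug report or of the kernel fix), the check below is one a defender could run over IPv6 frames captured on the IPsec underlay interface to flag VXLAN or GENEVE datagrams that left the host in cleartext instead of inside ESP. The packets are constructed samples, the helper names are this example's own, and the protocol and port numbers are the IANA-assigned ones.

```python
import struct

# Constructed sample packets (not captured traffic): raw IPv6 frames as they
# would appear on the underlay interface carrying the IPsec tunnel.
IPV6_NEXT_ESP = 50
IPV6_NEXT_UDP = 17
EXT_HEADERS = {0, 43, 60}        # hop-by-hop, routing, destination options
FRAGMENT_HEADER = 44             # fixed 8-byte header
TUNNEL_PORTS = {4789: "vxlan", 6081: "geneve"}   # IANA-assigned UDP ports

def _ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a minimal IPv6 header (version 6, hop limit 64) around payload."""
    src = bytes.fromhex("20010db8000000000000000000000001")   # documentation prefix
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload

def _udp(sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header with a zero checksum (acceptable for a constructed sample)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def classify(pkt: bytes) -> str:
    """Return 'esp', 'vxlan-cleartext', 'geneve-cleartext' or 'other'."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "other"
    nh, off = pkt[6], 40
    # Walk the extension-header chain until a transport header is reached.
    while nh in EXT_HEADERS or nh == FRAGMENT_HEADER:
        if off + 2 > len(pkt):
            return "other"
        hdr_len = 8 if nh == FRAGMENT_HEADER else (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + hdr_len
    if nh == IPV6_NEXT_ESP:
        return "esp"                      # overlay traffic is inside IPsec
    if nh == IPV6_NEXT_UDP and off + 8 <= len(pkt):
        dport = struct.unpack("!H", pkt[off + 2:off + 4])[0]
        if dport in TUNNEL_PORTS:
            return f"{TUNNEL_PORTS[dport]}-cleartext"   # tunnel bypassed IPsec
    return "other"

def audit(packets) -> list:
    """Indices of packets whose overlay tunnel left the host unencrypted."""
    return [i for i, p in enumerate(packets) if classify(p).endswith("-cleartext")]

SAMPLES = [
    _ipv6(IPV6_NEXT_ESP, b"\x00" * 16),                                   # ESP, as expected
    _ipv6(IPV6_NEXT_UDP, _udp(50000, 4789, b"\x08\x00\x00\x00" + b"\x00" * 4)),  # VXLAN in the clear
    _ipv6(IPV6_NEXT_UDP, _udp(50000, 6081, b"\x00" * 8)),                 # GENEVE in the clear
    _ipv6(IPV6_NEXT_UDP, _udp(50000, 53, b"\x00" * 12)),                  # unrelated UDP
]

if __name__ == "__main__":
    print(audit(SAMPLES))   # → [1, 2]
```

On a live system the same logic applies to frames read from the underlay interface; any cleartext hit for a tunnel that is supposed to be protected by IPsec is the symptom described in this report.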

Comment 1 Wade Mealing 2020-03-04 01:31:21 UTC
Acknowledgments:

Name: Xiumei Mu (Red Hat QE Engineering)

Comment 6 Wade Mealing 2020-03-04 02:01:23 UTC
Trackers above made, going to mark these trackers as duplicates of the product bugs. Leaving the -rt trackers.

Comment 15 Wade Mealing 2020-03-24 23:08:25 UTC
Mitigation:

Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly; however, if IPV6 is not in use, this flaw will not be triggered.

