Bug 1809833 (CVE-2020-1749) - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
Summary: CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1749
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1774447 1809840 1809848 1774440 1809837 1809838 1809839
Blocks: 1784146
TreeView+ depends on / blocked
 
Reported: 2020-03-04 01:31 UTC by Wade Mealing
Modified: 2020-09-24 13:40 UTC (History)
25 users (show)

Fixed In Version: Linux kernel version 5.5
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed: 2020-04-28 16:35:25 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2052 None None None 2020-05-11 12:54:02 UTC
Red Hat Product Errata RHBA-2020:2626 None None None 2020-06-19 01:50:17 UTC
Red Hat Product Errata RHSA-2020:1567 None None None 2020-04-28 15:25:27 UTC
Red Hat Product Errata RHSA-2020:1769 None None None 2020-04-28 15:52:07 UTC

Description Wade Mealing 2020-03-04 01:31:16 UTC
A flaw was found in the Linux kernels implementation of some networking protocols in encrypted IPsec tunnels.

The most common use cases are VXLAN or GENEVE tunnels over IPv6.  When an encrypted tunnel is created between two hosts, the kernel will not correctly route this tunneled data over the encrypted link but instead will send the data unencrypted.

This could allow this information to be intercepted by a Man In the Middle (MITM) attack by an attacker with control over viewing contents between the two connection endpoints.

Fixed in:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=6c8991f41546

Introduced in:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5f81bd2e5d80

Comment 1 Wade Mealing 2020-03-04 01:31:21 UTC
Acknowledgments:

Name: Xiumei Mu (Red Hat QE Engineering)

Comment 6 Wade Mealing 2020-03-04 02:01:23 UTC
Trackers above made, going to mark these trackers as duplicates of the product bugs. Leaving the -rt trackers.

Comment 15 Wade Mealing 2020-03-24 23:08:25 UTC
Mitigation:

Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered.

Comment 16 errata-xmlrpc 2020-04-28 15:25:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567

Comment 17 errata-xmlrpc 2020-04-28 15:52:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769

Comment 18 Product Security DevOps Team 2020-04-28 16:35:25 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1749


Note You need to log in before you can comment on or make changes to this bug.