A flaw was found in the Linux kernel's implementation of some networking protocols in encrypted IPsec tunnels. The most common use cases are VXLAN or GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel will not correctly route this tunneled data over the encrypted link but instead will send the data unencrypted. This could allow this information to be intercepted by a Man In the Middle (MITM) attack by an attacker with control over viewing contents between the two connection endpoints.
Fixed in: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=6c8991f41546
Introduced in: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5f81bd2e5d80
Acknowledgments: Name: Xiumei Mu (Red Hat QE Engineering)
Trackers above made, going to mark these trackers as duplicates of the product bugs. Leaving the -rt trackers.
Mitigation: Disabling the IPv6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly; however, if IPv6 is not in use this flaw will not be triggered.
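An exposure check for the condition described above, added here as an example (it is not part of the original report or of any Red Hat tooling): it lists VXLAN/GENEVE devices whose endpoints are IPv6 addresses, reading text in the layout of `ip -d link show`. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VXLAN/GENEVE devices carried over IPv6.
# Live use (assumes iproute2 and the IPv6 sysctl are present):
#   ip -d link show | exposure_report "$(sysctl -n net.ipv6.conf.all.disable_ipv6)"

# Constructed sample (documentation addresses), not from a real host.
sample_links() {
cat <<'EOF'
4: vx4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ether 0a:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 10 remote 192.0.2.2 local 192.0.2.1 dev eth0 dstport 4789 ttl auto
5: vx6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1430 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ether 0a:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 20 remote 2001:db8::2 local 2001:db8::1 dev eth0 dstport 4789 ttl auto
6: gnv6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1430 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ether 0a:00:00:00:00:03 brd ff:ff:ff:ff:ff:ff promiscuity 0
    geneve id 30 remote 2001:db8::3 ttl auto dstport 6081
EOF
}

# Print "<dev> <type> <ipv6-endpoint>" for each tunnel with an IPv6 endpoint.
ipv6_tunnels() {
    awk '
        /^[0-9]+: / { dev = $2; sub(/:$/, "", dev); sub(/@.*/, "", dev); next }
        $1 == "vxlan" || $1 == "geneve" {
            for (i = 2; i < NF; i++)
                if (($i == "remote" || $i == "local" || $i == "group") && $(i+1) ~ /:/) {
                    print dev, $1, $(i+1); break
                }
        }'
}

# exposure_report <disable_ipv6 value>; link text on stdin.
# Returns 1 when IPv6 is enabled and a tunnel uses IPv6 endpoints.
exposure_report() {
    if [ "$1" = "1" ]; then
        echo "IPv6 disabled: not triggered, per the mitigation note"
        return 0
    fi
    hits=$(ipv6_tunnels)
    if [ -z "$hits" ]; then
        echo "no VXLAN/GENEVE devices with IPv6 endpoints"
        return 0
    fi
    echo "$hits" | sed 's/^/REVIEW: /'
    return 1
}

sample_links | exposure_report 0 || true
```

A flagged device is only affected if its traffic was meant to be covered by IPsec, so compare the reported endpoints against the output of `ip xfrm policy` and confirm the kernel carries the fix commit referenced above.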
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1749
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0354 https://access.redhat.com/errata/RHSA-2021:0354