CVE-2020-25221

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", "name": "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", "name": "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://www.openwall.com/lists/oss-security/2020/09/08/4", "name": "https://www.openwall.com/lists/oss-security/2020/09/08/4", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2020/09/10/4", "name": "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.netapp.com/advisory/ntap-20201001-0003/", "name": "https://security.netapp.com/advisory/ntap-20201001-0003/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-672"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-25221", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2020-09-10T14:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.8.7", "versionStartIncluding": "5.7.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-02T22:23Z"}