[PATCH 0/1 3rd attempt] [SRU focal/linux-oem-5.6] CVE-2020-25705

Tim Gardner tim.gardner at canonical.com
Tue Feb 23 13:52:08 UTC 2021


[Impact]
A flaw in the way reply ICMP packets are limited in the Linux kernel
functionality was found that allows open UDP ports to be scanned quickly.
This flaw allows an off-path remote user to effectively bypass source
port UDP randomization. The highest threat from this vulnerability is to
confidentiality and possibly integrity, because software that relies on UDP
source port randomization is indirectly affected as well. Kernel versions
before 5.10 may be vulnerable to this issue.

From the Ubuntu security team:
Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP based services that depend on source port
randomization.

[Test Case]
Given the nature of the exploit, a test case is not feasible.

[Potential regression]
This is a simple one-line code change that has been released in all
other Focal kernels without regression.



