[PATCH 0/1] [SRU f/linux-oem-5.6] CVE-2020-25645
Tim Gardner
tim.gardner at canonical.com
Mon Mar 8 19:50:06 UTC 2021
[Impact]
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between
two Geneve endpoints may be unencrypted when IPsec is configured to encrypt
traffic for the specific UDP port used by the GENEVE tunnel allowing anyone
between the two endpoints to read the traffic unencrypted. The main threat
from this vulnerability is to data confidentiality.
>From the Ubuntu security team:
It was discovered that the GENEVE tunnel implementation in the Linux kernel
when combined with IPSec did not properly select IP routes in some situations.
An attacker could use this to expose sensitive information (unencrypted network
traffic).
[Test Case]
None
[Potential regression]
This patch has been released in linux-4.4.y, linux-4.14.y, linux-4.19.y, linux-5.4.y, and linux-5.8.y
More information about the kernel-team
mailing list