APPLIED: [PATCH 0/1] [SRU f/linux-oem-5.6] CVE-2020-25645
Tim Gardner
tim.gardner at canonical.com
Fri Mar 19 16:50:52 UTC 2021
Applied to focal/linux-oem-5.6-next. Thanks.
-rtg
On 3/8/21 12:50 PM, Tim Gardner wrote:
> [Impact]
> A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between
> two Geneve endpoints may be unencrypted when IPsec is configured to encrypt
> traffic for the specific UDP port used by the GENEVE tunnel allowing anyone
> between the two endpoints to read the traffic unencrypted. The main threat
> from this vulnerability is to data confidentiality.
>
> From the Ubuntu security team:
> It was discovered that the GENEVE tunnel implementation in the Linux kernel
> when combined with IPSec did not properly select IP routes in some situations.
> An attacker could use this to expose sensitive information (unencrypted network
> traffic).
>
> [Test Case]
> None
>
> [Potential regression]
> This patch has been released in linux-4.4.y, linux-4.14.y, linux-4.19.y, linux-5.4.y, and linux-5.8.y
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list