{ "threat_severity" : "Moderate", "public_date" : "2020-09-30T00:24:00Z", "bugzilla" : { "description" : "kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS", "id" : "1881424", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1881424" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "A flaw was found in the Linux kernel’s implementation of biovecs. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-11-10T00:00:00Z", "advisory" : "RHSA-2020:5079", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-alt-0:4.14.0-115.33.1.el7a" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4609", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-240.rt7.54.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4431", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-240.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2020-12-08T00:00:00Z", "advisory" : "RHSA-2020:5374", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kernel-0:4.18.0-147.34.1.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-01-14T00:00:00Z", "advisory" : "RHSA-2021:0136", "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv", "package" : "kernel-rt-0:4.18.0-193.40.1.rt13.90.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-01-12T00:00:00Z", "advisory" : "RHSA-2021:0073", "cpe" : "cpe:/o:redhat:rhel_eus:8.2", "package" : "kernel-0:4.18.0-193.40.1.el8_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-25641\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25641\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124\nhttps://www.kernel.org/doc/html/latest/block/biovecs.html" ], "name" : "CVE-2020-25641", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }